How to block ping?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to block ping?

MANU SHANTHARAM
Hi,

I have setup Xen(3.0) ACM ON. There are two guest domains with labels (PepsiCo & Hertz, following user manual). Ping from one guest domain to another should fail as they have different labels, but I am able to ping. Have I missed any configuration? Or is it normal behavior?

Thanks,
Manu

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel
Reply | Threaded
Open this post in threaded view
|

Re: How to block ping?

Reiner Sailer

Hi,

I submitted an RFC patch to Xense-devel some time ago. It sets all the filter rules in Domain0 so that only domains can exchange network traffic (including ping) if they share a common type.

This patch is not integrated into the main stream so you need to patch it in manually (see current limitations section in Xen User Guide Chapter 10). It worked when it was submitted.
http://lists.xensource.com/archives/html/xense-devel/2006-08/msg00003.html

Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, [hidden email]  
http://www.research.ibm.com/people/s/sailer/



"MANU SHANTHARAM" <[hidden email]>
Sent by: [hidden email]

11/23/2006 09:50 PM

To
[hidden email]
cc
Subject
[Xense-devel] How to block ping?





Hi,

I have setup Xen(3.0) ACM ON. There are two guest domains with labels (PepsiCo & Hertz, following user manual). Ping from one guest domain to another should fail as they have different labels, but I am able to ping. Have I missed any configuration? Or is it normal behavior?

Thanks,
Manu
_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel


_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel