On 21 Dec 2009, at 1:02pm, Matt wrote: > is it possible to enforce any kind of anti-spoofing in XVM? > > For example, with a Linux dom0 in bridge mode and using a combination of > iptables and ebtables rules in the xen vif script, I can chain a domU to a > given MAC and IP address(es) such that the 'evil user' of that domU cannot > spoof traffic destined for any other MAC and IP - they simply end up making > their network connection unresponsive. > > Is it possible to somehow achieve the same under XVM?
Link Protection (http://arc.opensolaris.org/caselog/PSARC/2009/436/) can be used to implement some (perhaps all) of what you want. Currently it's not integrated into the xVM tools, so you have to do some manual manipulation of the properties of the vnic used by a guest. _______________________________________________ xen-discuss mailing list [email protected]
