Server side of firewall support for XEN containers.
This differs from the current firewall support, which assumes a single firewall for an entire experiment, hosted on a dedicated physical node. At some point, it would be better to host the dedicated firewall inside a XEN container, but that is a project for another day (year). Instead, I added two sets of firewall rules to the default_firewall_rules table, one for dom0 and another for domU. These follow the current style setup of open, basic, closed, while elabinelab is ignored since it does not make sense for this yet. These two rule sets are independent; the dom0 rules can be applied to the physical host, and domU rules can be applied to specific containers. My goal is that all shared nodes will get the dom0 closed rules (ssh from local boss only) to avoid the ssh attacks that all of the racks are seeing. DomU rules can be applied on a per-container (node) basis. As mentioned above, this is quite different, and needed minor additions to the virt_nodes table to allow it.
Showing
- sql/database-create.sql: 3 additions, 1 deletion
- sql/database-fill.sql: 2 additions, 0 deletions
- sql/updates/4/387: 33 additions, 0 deletions
- tbsetup/ns2ir/node.tcl: 10 additions, 1 deletion
- tbsetup/ns2ir/nstb_compat.tcl: 1 addition, 0 deletions
- tbsetup/ns2ir/tb_compat.tcl.in: 14 additions, 0 deletions
- tmcd/tmcd.c: 133 additions, 70 deletions