    Server side of firewall support for XEN containers. · 2faea2f3
    Leigh Stoller authored
    This differs from the current firewall support, which assumes a single
    firewall for an entire experiment, hosted on a dedicated physical
    node. At some point, it would be better to host the dedicated firewall
    inside a XEN container, but that is a project for another day (year).
    
    Instead, I added two sets of firewall rules to the default_firewall_rules
    table, one for dom0 and another for domU. These follow the current
    style setup of open, basic, closed, while elabinelab is ignored since it
    does not make sense for this yet.
    
    These two rule sets are independent; the dom0 rules can be applied to
    the physical host, and domU rules can be applied to specific
    containers.
    
    My goal is that all shared nodes will get the dom0 closed rules (ssh
    from local boss only) to avoid the ssh attacks that all of the racks
    are seeing.
    
    DomU rules can be applied on a per-container (node) basis. As
    mentioned above, this is quite different, and needed minor additions to
    the virt_nodes table to allow it.
Name
account
apache
apt
assign
autoconf
backend
bugdb
capture
cdrom
clientside
collab
daikon
db
delay
dhcpd
discvr
doc
event
firewall
flash
fwrules
hw_config
hyperviewer
image-test
install
ipod
mote
named
node_usage
ntpd
os
patches
pelab
protogeni
pxe
rc.d
robots
rpms
security
sensors
sql
ssl
sysadmin
tbsetup
testsuite
tip
tmcd
tools
utils
vis
wiki
www
xmlrpc
.gitattributes
.gitignore
.gitmodules
.loc-ignore
AGPL-COPYING
GNUmakefile.in
GNUmakerules
GPL-COPYING
LGPL-COPYING
MOVED-TO-WIKI
Makeconf.in
README
TODO
TODO.plab
VERSION
WEBtemplate.in
config.h.in
configure
configure.in
defs-default
defs-duerig-emulab
defs-elabinelab
defs-example
defs-gtw-emulab
defs-johnsond-emulab
defs-kwebb-emulab
defs-mike-emulab
defs-ricci-emulab
defs-stoller-emulab
defs-stoller-home
defs-stoller-lbsdb
defs-uky
defs-utahclient
defs-wbsun-emulab
defs-wide