On 01/17/2011 08:09 PM, W. Michael Petullo wrote:
One of our VMs has a special relationship with a port on Dom0. I'd like to be able to add a firewall rule that allows input packets from vifX.0 to Dom0 on this port.
I could use this too, where I have a DomU providing iSCSI services to other DomU's using phy: disks. Right now starting up the dependent DomU's is a manual intervention - I need to write a simple chat from DomU to Dom0 to tell it to proceed. In my case I can do it by IP address, but for scaling out, the dynamic method would be swell.
I seem to recall several heated (sic) discussions on bugzilla and fedora-devel over various approaches to automated ad-hoc firewall rules. The Xen scripts can probably handle this now but it might be nice to eventually integrate if a proper Fedora solution is constructed.
-Bill