[Pkg-xen-devel] Bug#430778: xen-utils-common: Here's proposed workaround script

Olivier Berger olivier.berger at int-edu.eu
Wed Jun 27 12:14:12 UTC 2007


Package: xen-utils-common
Followup-For: Bug #430778

Here's a patch I made to have working rules here... feel free to comment/adapt.

Hope this helps


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-xen-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xen-utils-common depends on:
ii  lsb-base                      3.1-23.1   Linux Standard Base 3.1 init scrip
ii  udev                          0.105-4    /dev/ and hotplug management daemo

xen-utils-common recommends no packages.

-- no debconf information
-------------- next part --------------
--- vif-common.sh.orig	2007-06-27 14:11:32.000000000 +0200
+++ vif-common.sh	2007-06-27 13:38:14.000000000 +0200
@@ -81,6 +81,35 @@
 If you are using iptables, this may affect networking for guest domains."
 }
 
+function frob2_iptable()
+{
+  if [ "$command" == "online" ]
+  then
+    local c="-A"
+  else
+    local c="-D"
+  fi
+
+#iptables -F FORWARD
+# iptables -A FORWARD -d 192.168.2.100/32 -m state --state ESTABLISHED,RELATED -j ACCEPT
+# iptables -A FORWARD -s 192.168.2.100/32 -j ACCEPT
+# iptables -A FORWARD -j LOG
+
+  iptables "$c" FORWARD -d "$@" -m state --state ESTABLISHED,RELATED -j ACCEPT \
+    2>/dev/null ||
+    [ "$c" == "-D" ] ||
+    log err \
+     "iptables $c FORWARD -d $@ -m state --state ESTABLISHED,RELATED -j ACCEPT failed.
+If you are using iptables, this may affect networking for guest domains."
+
+   iptables "$c" FORWARD -s "$@" -j ACCEPT \
+    2>/dev/null ||
+    [ "$c" == "-D" ] ||
+    log err \
+     "iptables $c FORWARD -s $@ -j ACCEPT failed.
+If you are using iptables, this may affect networking for guest domains."
+}
+
 
 ##
 # Add or remove the appropriate entries in the iptables.  With antispoofing
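Review bot: Both rules added in frob2_iptable match on address alone, so the `-s "$@" -j ACCEPT` rule accepts forwarded packets carrying the guest's source address regardless of which interface they arrive on, while the comment just below the function still describes this code path as antispoofing. If the existing frob_iptable (its body is outside this hunk) restricts the rule to the guest's interface, this workaround drops that restriction; keeping an input-interface match on the source rule, e.g. `iptables "$c" FORWARD -i "$vif" -s "$1" -j ACCEPT` (assuming the interface variable is in scope here), would preserve it. The function is called with a single address, so `"$1"` is clearer than `"$@"` in both rules and avoids expanding `$@` inside the two `log err` strings. The commented-out `iptables` lines with the hard-coded 192.168.2.100 address look like debugging leftovers and should be removed.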
@@ -105,7 +134,8 @@
       local addr
       for addr in "$ip"
       do
-        frob_iptable -s "$addr"
+#        frob_iptable -s "$addr"
+        frob2_iptable "$addr"
       done
 
       # Always allow the domain to talk to a DHCP server.
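Review bot: The old call is left behind as a commented-out line (`#        frob_iptable -s "$addr"`); delete it rather than commenting it out, since the patch itself records what was replaced. The switch to frob2_iptable is unconditional, so every guest with an `ip` setting gets the address-only rules, not only the setups where the previous rule failed; a guard or configuration option around the new call would limit the workaround to where it is needed. Because the loop iterates over `"$ip"` quoted, a value holding several addresses would reach `-d`/`-s` as a single word, so it is worth confirming that `ip` always holds one address. The enclosing function starts and ends outside this hunk.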

