> That seems to work fine: this rule gives domain 1 access to the vpn, 
> and with a NAT rule in domain 0, access to the Internet:
>
> ADD ACCEPT srcaddr=192.168.101.1 srcaddrmask=255.255.255.255 dst=ANY 
> srcdom=1 srcidx=0 dstdom=0 dstidx=0 proto=any
>
> Is there a way to see what the VFR rules currently are? /proc/xen/vfr 
> can be read but returns nothing. Also, is there any way to flush the 
> VFR rules?
You can delete a rule by echoing a DELETE command to
/proc/xen/vfr. e.g., to delete the rule you give as an example above,
you would send the following to /proc/xen/vfr:
DELETE ACCEPT srcaddr=192.168.101.1 srcaddrmask=255.255.255.255 dst=ANY 
srcdom=1 srcidx=0 dstdom=0 dstidx=0 proto=any
Deletion doesn't get much testing -- hopefully it won;t wedge the
machine. :-)
To print the VFR rules, 'echo PRINT >/proc/xen/vfr'. This prints the
rule list in a hideous format onto Xen's emergency console(!). We
ought to have a better 'get rules' interface really, but teh VFR will
go away with teh new IO world in a short while.
 -- Keir
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel