On Wed, Dec 24, 2008 at 05:09:34PM -0500, Fred Oliver wrote:
> Shouldn't I be able to use ipfilter rules to block traffic to xvm
> guests on the guest's vnic?
>
> If I create a guest and add a filter rule to block all incoming traffic,
> I can still ssh into the guest. Why?

Traffic for the guests doesn't go through the dom0 IP stack, so it doesn't go through the dom0 IP filter rules. The layer 2 filter project will add filter hooks lower in the protocol stack and will allow you to do what you want.

> Is this related to 6778531?
> http://monaco.sfbay.sun.com/detail.jsf?cr=6778531

No.
