ebtables ipv6 support

dan223
Posts: 64
Joined: 2006/11/13 18:12:14

Re: ebtables ipv6 support

Post by dan223 » 2015/01/14 14:14:31

Neither option would work for us :(

Super Jamie
Posts: 308
Joined: 2014/01/10 23:44:51

Re: ebtables ipv6 support

Post by Super Jamie » 2015/01/14 14:21:34

How about deploying another system in front of the EL5 system, where the other system acts as the firewall for the traffic you need to filter and lets everything else through?

The small firewall system could run EL6 or EL7, or even some targeted firewall/router distro which provides a Xen image like OpenWrt.

Re: ebtables ipv6 support

Post by dan223 » 2015/01/14 14:26:27

The main purpose of this currently is to limit certain IPs to certain VIFs to stop IP stealing as well as preventing ARP attacks, which is why ebtables is being used at the moment.
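
The kind of per-VIF anti-spoofing rule set the post above describes, as an added example that is not part of the original thread: the VIF name, MAC and address are constructed sample values, and the script only prints the ebtables commands instead of applying them. It covers IPv4 and ARP only; IPv6 matching on EL5 is the open problem in this thread.

```shell
#!/bin/sh
# Added example: print (do not apply) ebtables anti-spoofing rules for one VIF.
# The VIF name, MAC and IP used at the bottom are constructed sample values.

# vif_rules VIF MAC IPV4 -> prints one ebtables command per line
vif_rules() {
    vif=$1
    mac=$2
    ip=$3

    # Reject malformed input rather than emit a rule that silently matches nothing.
    echo "$vif" | grep -Eq '^vif[0-9]+\.[0-9]+$' \
        || { echo "bad vif: $vif" >&2; return 1; }
    echo "$mac" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { echo "bad mac: $mac" >&2; return 1; }
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "bad ip: $ip" >&2; return 1; }

    # 1. Frames entering the bridge from this VIF must carry the guest's MAC.
    echo "ebtables -A FORWARD -i $vif -s ! $mac -j DROP"
    # 2. IPv4 packets must use the assigned source address (stops IP stealing).
    echo "ebtables -A FORWARD -i $vif -p IPv4 --ip-src ! $ip -j DROP"
    # 3. ARP must announce only the assigned IP and MAC (stops ARP spoofing).
    echo "ebtables -A FORWARD -i $vif -p ARP --arp-ip-src ! $ip -j DROP"
    echo "ebtables -A FORWARD -i $vif -p ARP --arp-mac-src ! $mac -j DROP"
}

# Sample run with constructed values.
vif_rules vif1.0 00:16:3e:00:00:01 192.0.2.10
```

Traffic addressed to Dom0 itself traverses the INPUT chain rather than FORWARD, so the same matches would be needed there as well.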

Re: ebtables ipv6 support

Post by Super Jamie » 2015/01/14 15:00:09

So you're firewalling the bridges in Dom0 and an EL5 DomU either has its traffic accepted or denied, but the DomU knows nothing of the firewall?

If so, can you replace the EL5 Dom0 with an EL6 Dom0? I'm barely literate in Xen terminology but I believe that's possible to do.

You're at the limit of my knowledge of Xen, and I can't think of anything else which would let you run IPv6 ebtables on EL5. Let us know what you come up with.