Re: [libvirt] [PATCH 0/3] test cases for spoofing prevention
On Thu, Sep 09, 2010 at 03:59:30PM +0200, Gerhard Stenzel wrote:
On Thu, 2010-09-09 at 14:48 +0100, Daniel P. Berrange wrote:
> On Wed, Jun 16, 2010 at 04:08:00PM +0200, gstenzel(a)linux.vnet.ibm.com wrote:
> > The following patches add a set of test cases to verify that several spoofing
attacks are prevented by the nwfilter subsystem.
> >
> > In order to have a well defined test machine a virtual disk is installed from
scratch over the network.
> > I am currently trying to find a suitable location for the kickstart file.
>
> Do you have the suitable 'ks.cfg' you used with these test scripts ? The
> test files look good to me and I'm going to commit them all now. We just
> need the ks.cfg so we can make it work - I'll make it pull it off a floppy
> disk image
>
> Regards,
> Daniel
Here is the one I used. I could update it to a newer fedora version, if
necessary:
Thanks, this one worked fine for me. I've committed your patches to
the GIT repository, and added a couple of follow on changes. I made
it use virtio instead of scsi for the disk, since RHEL6 doesn't ship
with SCSI enabled. I also use mkisofs to put the kickstart file into
a tiny ISO image and then boot with ks=cdrom:/ks.cfg so we can avoid
needing a web service in the host to provision it. I also changed the
filter name from 'no-spoofing' to 'clean-traffic' since libvirt does
not have any 'no-spoofing' filter by default & IIUC 'clean-traffic'
should be suitable for your tests.
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|