Those of you that use Xen may have noticed that, by default, Xen adds some iptables rules when a VM starts, to ensure that certain packets are actually forwarded to the virtual machine. If, for any reason, those rules are wiped away, it would be nice to recover them, wouldn't it?
I found out it's quite easy. The following script just echoes the iptables commands, so you can safely test it on a running dom0. If it does what you actually need, just remove those echos!
#!/bin/bash

# List running guests as "name id"; the filter on $F[1] drops the header line
# and Domain-0 (ID 0).
xm list | perl -alne 'next if not $F[1] > 0 ; print "@F[0,1]"' | while read VM ID
do
    # In "xm network-list" output, rows whose first column is a number are VIFs;
    # that number is the VIF index.
    xm network-list $ID | perl -alne 'next if not $F[0] =~ m{^\d+$} ; print $F[0]' | while read IFID
    do
        VIF="vif$ID.$IFID"
        # Forward traffic coming in on this VIF from the guest's own address
        # (iptables resolves the VM name when the rule is inserted, so the
        # name must resolve to the guest's IP).
        echo iptables -A FORWARD -m physdev --physdev-in $VIF -s $VM -j ACCEPT
        # Let the guest's DHCP requests (bootpc -> bootps) through.
        echo iptables -A FORWARD -m physdev --physdev-in $VIF -p udp --sport bootpc --dport bootps -j ACCEPT
    done
done
I am using Perl here because I know it better than awk, but I am sure that awk can accomplish the same task just as well as Perl does.
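As an added example (not code from the original post), here is the same rule generation done with awk instead of Perl. It is fed by constructed sample "xm list" and "xm network-list" output so it runs without a dom0, and it goes one step further than the post: a restore function checks each expected rule with "iptables -C" and only adds the ones that are actually missing, so re-running it does not stack duplicate rules. The function names (sample_*, real_*, generate_rules, restore_missing_rules) and the DRY_RUN variable are this example's own.

```shell
#!/bin/bash
# Added example, not part of the original post: rule generation with awk,
# fed by CONSTRUCTED sample "xm" output, plus an idempotent restore step.

# Constructed stand-in for `xm list` (columns: Name ID Mem VCPUs State Time).
sample_xm_list() {
    cat <<'EOF'
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1024     2     r-----   1234.5
web01                                        3   512     1     -b----    456.7
db01                                         5   768     2     -b----     89.0
EOF
}

# Constructed stand-in for `xm network-list <id>` (first column is the VIF index).
sample_xm_network_list() {
    case "$1" in
        3) cat <<'EOF'
Idx BE     MAC Addr.     handle state evt-ch tx-/rx-ring-ref BE-path
0   0  00:16:3e:00:00:01    0     4      8    768  /769     /local/domain/0/backend/vif/3/0
EOF
        ;;
        5) cat <<'EOF'
Idx BE     MAC Addr.     handle state evt-ch tx-/rx-ring-ref BE-path
0   0  00:16:3e:00:00:02    0     4      9    770  /771     /local/domain/0/backend/vif/5/0
1   0  00:16:3e:00:00:03    1     4     10    772  /773     /local/domain/0/backend/vif/5/1
EOF
        ;;
    esac
}

# The real commands to use on a dom0 (same interface as the sample_* functions).
real_xm_list() { xm list; }
real_xm_network_list() { xm network-list "$1"; }

# Emit one rule specification per line, without the -A/-C verb, so the same
# text can be both checked and added. Arguments: list-function netlist-function.
generate_rules() {
    local list_cmd="$1" netlist_cmd="$2"
    # Skip the header (NR > 1) and Domain-0 (ID 0); print "name id".
    "$list_cmd" | awk 'NR > 1 && $2 > 0 { print $1, $2 }' |
    while read -r VM ID; do
        # Rows whose first field is a number are VIF indexes. stdin is closed
        # so the inner command can never swallow the outer loop's input.
        "$netlist_cmd" "$ID" </dev/null | awk '$1 ~ /^[0-9]+$/ { print $1 }' |
        while read -r IFID; do
            VIF="vif$ID.$IFID"
            # As in the post, the VM name is the source; iptables resolves it
            # to an address when the rule is inserted, so it must resolve.
            echo "FORWARD -m physdev --physdev-in $VIF -s $VM -j ACCEPT"
            echo "FORWARD -m physdev --physdev-in $VIF -p udp --sport bootpc --dport bootps -j ACCEPT"
        done
    done
}

# Number of rules produced for the constructed sample (2 per VIF, 3 VIFs = 6).
count_sample_rules() {
    generate_rules sample_xm_list sample_xm_network_list | wc -l | tr -d ' '
}

# Check every expected rule with "iptables -C" and add only the missing ones,
# so the script can be re-run safely. Set DRY_RUN=1 to only report.
restore_missing_rules() {
    generate_rules real_xm_list real_xm_network_list | while read -r spec; do
        # $spec is intentionally unquoted: it is a list of iptables arguments.
        if ! iptables -C $spec 2>/dev/null; then
            echo "missing: iptables -A $spec"
            [ -n "$DRY_RUN" ] || iptables -A $spec
        fi
    done
}
```

On a dom0, `DRY_RUN=1 restore_missing_rules` lists exactly the rules that have gone missing without touching the firewall; running it without DRY_RUN puts them back. Because the check and the add use the same generated text, a rule can never be reported as present but added in a different form.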