> So anyway, my memory of this is all very wishy-washy, but ebtables > turned out to be the best way to implement those inter-VM restrictions. > It could probably have been done in iptables, but ebtables made it easy > to say "don't let these two talk."
I don;t know the details but I expect that would be a false sense of security and that you would want a secure switch or ssh or ipsec. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________
