On 30/01/13 05:14, Kevin Chadwick wrote: >> So anyway, my memory of this is all very wishy-washy, but ebtables >> turned out to be the best way to implement those inter-VM restrictions. >> It could probably have been done in iptables, but ebtables made it easy >> to say "don't let these two talk." > > I don;t know the details but I expect that would be a false sense of > security and that you would want a secure switch or ssh or ipsec. >
Put each vm into its own private vlan and use a firewall on the host to control traffic between them ... seems a better way to go! BillK
