On 11/23/2010 01:48 PM, carlopmart wrote:
> On 11/23/2010 01:42 PM, Bret Lambert wrote:
>> Because you're still relying on your host's network stack, you aren't
>> actually firewalling it.
>
> Uhmm .. I am not sure about this. For example: you can configure several virtual
> bridges under an ESXi host and then attach them to a virtual firewall like
> OpenBSD.
> If you configure some pf rules, you are doing firewalling ... In this case you
> have all network stack except layer 1, correct??

And one more thing: with the latest releases of hypervisors like ESXi and KVM (I don't
know about Xen), you can attach physical hardware to a specific guest, like network
interfaces. Then, you have all network stack assigned to a virtual machine. Where are
the disadvantages in scenarios like this??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com