On 11/23/2010 02:30 PM, Timo Schoeler wrote:
thus carlopmart spake:
On 11/23/2010 01:48 PM, carlopmart wrote:
On 11/23/2010 01:42 PM, Bret Lambert wrote:
Because you're still relying on your host's network stack, you aren't
actually firewalling it.
Uhmm .. I am not sure about this. For example: you can configure several
virtual bridges under an ESXi host and then attach them to a virtual
firewall like OpenBSD. If you configure some pf rules, you are doing
firewalling ... In this case you have the whole network stack except
layer 1, correct??
And one more thing: with the latest releases of hypervisors like ESXi and
KVM (I don't know about Xen), you can attach physical hardware to a
specific guest, like network interfaces. Then, you have the whole network
stack assigned to a virtual machine. Where are the disadvantages in
scenarios like this??
Thanks.
http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/24/352059
Yes, but this question is three years old and hypervisors have changed ....
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com