Anthony Liguori wrote: > You are correct except that I qualified this as NAT with host access > which so far is the common model. If the host can access the NAT'd > network behind the NAT, then port privileges are important.
You're right. This is why QEMU guests should be run inside an LXC container :-) Or in the general case, a security-conscious net-setup script should ensure general user invocations are limited to admin-decided subnets with admin-decided firewall rules, so that they just look like processes with ordinary access to everything else. Iptables being what it is, that'd have to be distro specific and sometimes site specific. -- Jamie
