1 |
On 30/01/13 05:14, Kevin Chadwick wrote: |
2 |
>> So anyway, my memory of this is all very wishy-washy, but ebtables |
3 |
>> turned out to be the best way to implement those inter-VM restrictions. |
4 |
>> It could probably have been done in iptables, but ebtables made it easy |
5 |
>> to say "don't let these two talk." |
6 |
> |
7 |
> I don;t know the details but I expect that would be a false sense of |
8 |
> security and that you would want a secure switch or ssh or ipsec. |
9 |
> |
10 |
|
11 |
Put each vm into its own private vlan and use a firewall on the host to |
12 |
control traffic between them ... seems a better way to go! |
13 |
|
14 |
BillK |