| 1 |
On 30/01/13 05:14, Kevin Chadwick wrote: |
| 2 |
>> So anyway, my memory of this is all very wishy-washy, but ebtables |
| 3 |
>> turned out to be the best way to implement those inter-VM restrictions. |
| 4 |
>> It could probably have been done in iptables, but ebtables made it easy |
| 5 |
>> to say "don't let these two talk." |
| 6 |
> |
| 7 |
> I don;t know the details but I expect that would be a false sense of |
| 8 |
> security and that you would want a secure switch or ssh or ipsec. |
| 9 |
> |
| 10 |
|
| 11 |
Put each vm into its own private vlan and use a firewall on the host to |
| 12 |
control traffic between them ... seems a better way to go! |
| 13 |
|
| 14 |
BillK |
Archives