qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 4/4] Add support for -net bridge


From: Jamie Lokier
Subject: Re: [Qemu-devel] [PATCH 4/4] Add support for -net bridge
Date: Mon, 9 Nov 2009 19:19:10 +0000
User-agent: Mutt/1.5.13 (2006-08-11)

Anthony Liguori wrote:
> You are correct except that I qualified this as NAT with host access 
> which so far is the common model.  If the host can access the NAT'd 
> network behind the NAT, then port privileges are important.

You're right.

This is why QEMU guests should be run inside an LXC container :-)

Or in the general case, a security-conscious net-setup script should
ensure general user invocations are limited to admin-decided subnets
with admin-decided firewall rules, so that they just look like
processes with ordinary access to everything else.

Iptables being what it is, that'd have to be distro specific and
sometimes site specific.

-- Jamie




reply via email to

[Prev in Thread] Current Thread [Next in Thread]