[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Ideal(istic) Xen firewall design

To: Mike Tierney <miket@xxxxxxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
From: "Dirk H. Schulz" <dirk.schulz@xxxxxxxxxxxxx>
Date: Mon, 15 Aug 2005 08:01:01 +0200
Delivery-date: Mon, 15 Aug 2005 05:59:16 +0000
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi Mike,

Mike Tierney schrieb:

But it is still tempting to just do away with the seperate firewall vm and
do all the firewalling in Dom0!

There is one more reason to put the firewall into a guest system: Theguests use the smaller kernels (without hardware support etc.), so thereis less possibility of kernel bugs that can be used to crack thefirewall. It is more of a statistic perspective but with firewallingeverything should be used to avoid leaks, I think.

I begin to like the idea of moving my firewall into a guest system. Iwill start first work on that today.


Dirk

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Ideal(istic) Xen firewall design
  - From: Martin Maney
- Re: [Xen-users] Ideal(istic) Xen firewall design
  - From: Marcus Brown

References:
- RE: [Xen-users] Ideal(istic) Xen firewall design
  - From: Mike Tierney

Prev by Date: Re: [Xen-users] Ideal(istic) Xen firewall design
Next by Date: Re: [Xen-users] Ideal(istic) Xen firewall design
Previous by thread: Re: [Xen-users] Ideal(istic) Xen firewall design
Next by thread: Re: [Xen-users] Ideal(istic) Xen firewall design
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.