[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Ideal(istic) Xen firewall design

Hi Mike,

Mike Tierney schrieb:

But it is still tempting to just do away with the seperate firewall vm and
do all the firewalling in Dom0!
There is one more reason to put the firewall into a guest system: The guests use the smaller kernels (without hardware support etc.), so there is less possibility of kernel bugs that can be used to crack the firewall. It is more of a statistic perspective but with firewalling everything should be used to avoid leaks, I think.

I begin to like the idea of moving my firewall into a guest system. I will start first work on that today.


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.