Christ Schlacta wrote: >You may end up with simply a bridge firewall. I recently did the >same thing, and am of a mind that for my purposes, an individual >firewall on each vm is preferable.
That's the solution I came up with as well. On my hosts I run a very basic set of iptables rules on the outside interfaces (just to protect the host from the outside), and then run Shorewall on each VM. The biggest problem as I see it is the constantly changing network config. Each time you start of stop a VM, network ports on the bridge appear or disappear (at least with Xen). -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users