[libvirt] Proposed: always allow packets internal to an interface
Gene Czarcinski
gene at czarc.net
Thu Nov 8 23:13:46 UTC 2012
On 11/08/2012 05:41 PM, Gene Czarcinski wrote:
> The reult is a very private IPv6 network between the virtual guest
> systems.
A bit of clarification on why I would want such a capability (and, in
truth, I have it today but I wanted to make it more automatic and
available to anyone else).
Lets say that (hypothetically) we want to set up a firewall, dmz,
whatever so that we can (hypothetically)do some attack testing against
the systems.
To say the least (at least in the USA) this is very much frond upon on
the real Internet. So, set up a real heardware network ... this gets
expensive real fast.
So, virtualization to the rescue. Set up your network configuration on
some very private networks (yes, they will need their own dns, dhcp, RA,
etc., etc. services).
I can do it (and have) but I thought this might be useful to others.
Obviously, this update should be accompanied by some documentation
updates which explain what can be done.
Gene
More information about the libvir-list
mailing list