Re: Can we run a qemu instance as a dedicated home network firewall?

To: debian-user@lists.debian.org
Subject: Re: Can we run a qemu instance as a dedicated home network firewall?
From: "Douglas A. Tutty" <dtutty@porchlight.ca>
Date: Sun, 30 Mar 2008 14:04:59 -0400
Message-id: <[🔎] 20080330180459.GF6842@titan.hooton>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20080330152026.GB10652@earthlink.net>
References: <[🔎] 20080330152026.GB10652@earthlink.net>

On Sun, Mar 30, 2008 at 11:20:26AM -0400, Mitchell Laks wrote:
> Can we use a virtual qemu linux machine as a firewall for 
> a real home network?

Well, on normal i386 hardware (unlike e.g. Zseries with LPARs),
virtualization doesn't gain you any security really.  Think of it this
way: the only way an attacker can break the firewall if its running
natively on the one box, is a bug in the kernel.  With virtualizaiton,
you're relying on both no bugs in the kernel and no bugs in the quemu.  

This comes up a lot on misc@openbsd.org.  Their analysis shoes that it
decreases security to use software virtualization.  

Those old 486s didn't themselves take much power.  If the problem is
noise, you could replace the drives with industrial CF cards for the
firewall.

doug.

Reply to:

Follow-Ups:
- Re: Can we run a qemu instance as a dedicated home network firewall?
  - From: Mitchell Laks <mlaks@post.harvard.edu>

References:
- Can we run a qemu instance as a dedicated home network firewall?
  - From: Mitchell Laks <mlaks@post.harvard.edu>

Prev by Date: Re: want to speed up laptop
Next by Date: Re: most lightweight debian server
Previous by thread: Can we run a qemu instance as a dedicated home network firewall?
Next by thread: Re: Can we run a qemu instance as a dedicated home network firewall?
Index(es):
- Date
- Thread