[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can we run a qemu instance as a dedicated home network firewall?

On Sun, Mar 30, 2008 at 11:20:26AM -0400, Mitchell Laks wrote:
> Can we use a virtual qemu linux machine as a firewall for 
> a real home network?

Well, on normal i386 hardware (unlike e.g. Zseries with LPARs),
virtualization doesn't gain you any security really.  Think of it this
way: the only way an attacker can break the firewall if its running
natively on the one box, is a bug in the kernel.  With virtualizaiton,
you're relying on both no bugs in the kernel and no bugs in the quemu.  

This comes up a lot on misc@openbsd.org.  Their analysis shoes that it
decreases security to use software virtualization.  

Those old 486s didn't themselves take much power.  If the problem is
noise, you could replace the drives with industrial CF cards for the


Reply to: