[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can we run a qemu instance as a dedicated home network firewall?

On 14:04 Sun 30 Mar     , Douglas A. Tutty wrote:
> On Sun, Mar 30, 2008 at 11:20:26AM -0400, Mitchell Laks wrote:
> > Can we use a virtual qemu linux machine as a firewall for 
> > a real home network?
> Well, on normal i386 hardware (unlike e.g. Zseries with LPARs),
> virtualization doesn't gain you any security really.  Think of it this
> way: the only way an attacker can break the firewall if its running
> natively on the one box, is a bug in the kernel.  With virtualizaiton,
> you're relying on both no bugs in the kernel and no bugs in the quemu.  

A very good point. Thank  you.

> This comes up a lot on misc@openbsd.org.  Their analysis shoes that it
> decreases security to use software virtualization.  
> Those old 486s didn't themselves take much power.  If the problem is
> noise, you could replace the drives with industrial CF cards for the
> firewall.

Also a great idea. I see cf-hard drive adapters and drives are very cheap.
Thank you very much,


> doug.
> -- 
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: