Re: Can we run a qemu instance as a dedicated home network firewall?
On 14:04 Sun 30 Mar , Douglas A. Tutty wrote:
> On Sun, Mar 30, 2008 at 11:20:26AM -0400, Mitchell Laks wrote:
> > Can we use a virtual qemu linux machine as a firewall for
> > a real home network?
>
> Well, on normal i386 hardware (unlike e.g. Zseries with LPARs),
> virtualization doesn't gain you any security really. Think of it this
> way: the only way an attacker can break the firewall if its running
> natively on the one box, is a bug in the kernel. With virtualizaiton,
> you're relying on both no bugs in the kernel and no bugs in the quemu.
A very good point. Thank you.
>
> This comes up a lot on misc@openbsd.org. Their analysis shoes that it
> decreases security to use software virtualization.
>
> Those old 486s didn't themselves take much power. If the problem is
> noise, you could replace the drives with industrial CF cards for the
> firewall.
Also a great idea. I see cf-hard drive adapters and drives are very cheap.
Thank you very much,
Mitchell
>
> doug.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: