> thus carlopmart spake:
>> On 11/23/2010 01:48 PM, carlopmart wrote:
>>> On 11/23/2010 01:42 PM, Bret Lambert wrote:
>>>> Because you're still relying on your host's network stack, you aren't
>>>> actually firewalling it.
>>>>
>>>
>>> Uhmm .. I am not sure about this. For example: you can configure
>>> several virtual bridges under an ESXi host and then attach them to a
>>> virtual firewall like OpenBSD. If you configure some pf rules, you are
>>> doing firewalling ... In this case you have all network stack except
>>> layer 1, correct??
>>
>> And one more thing: with latest releases of hypervisors like ESXi and
>> KVM (I don't know about Xen), you can attach physical hardware to a
>> specific guest, like network interfaces. Then, you have all network
>> stack assigned to a virtual machine. Where are the disadvantages in
>> scenarios like this??
>>
>> Thanks.
>
>
http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/24/352059
>