From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id CEA1C13874A for ; Tue, 29 Jan 2013 21:15:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C0E5421C037; Tue, 29 Jan 2013 21:15:23 +0000 (UTC) Received: from nm18-vm0.bullet.mail.ird.yahoo.com (nm18-vm0.bullet.mail.ird.yahoo.com [77.238.189.215]) by pigeon.gentoo.org (Postfix) with SMTP id E187121C005 for ; Tue, 29 Jan 2013 21:15:21 +0000 (UTC) Received: from [77.238.189.232] by nm18.bullet.mail.ird.yahoo.com with NNFMP; 29 Jan 2013 21:15:20 -0000 Received: from [217.146.189.110] by tm13.bullet.mail.ird.yahoo.com with NNFMP; 29 Jan 2013 21:15:20 -0000 Received: from [127.0.0.1] by smtp126.mail.ird.yahoo.com with NNFMP; 29 Jan 2013 21:15:20 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1359494120; bh=bHq3gA7oWJlylcUzAayNVpcIEdz65Any+1pEK4XW9fw=; h=X-Yahoo-Newman-Id:Message-ID:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Date:From:To:Subject:In-Reply-To:References:X-Mailer:Mime-Version:Content-Type:Content-Transfer-Encoding; b=QaWlA7lki+4tyx8QE1THe0KDkqcmEosj72qhziQf7pb/J0jzdbiPI05nJt3dpzDt0JhzVQDXblMJTs9kjDxTrts53Dc59AUWK2ql/6nxpL8c7khKLN+0tcRWyPo/6lpzCnkPyNJZxdTuVA7l9mwFKCpzXu0+vrwVsLdS9ZwHsE4= X-Yahoo-Newman-Id: 820982.24838.bm@smtp126.mail.ird.yahoo.com Message-ID: <820982.24838.bm@smtp126.mail.ird.yahoo.com> X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: ZRqaKfoVM1mOKIEtwbdM6QmOoLW.I4E5CLAw3IwzNPufJXk KE6IGdLvWSPBI7vaNKY86sz0DuVtw.rB_5i3fvDskbqUWvTcnSOMkIR8zuHY cmeglgsQpvIIqcASGr5btWSWvhZPb2fAG_v1fG6dq2Zxel9EfXFFDnvND_WW gNFMdHOVmUMOhGsrpcji4JcJxeXIjjFTddWOBPd5fYbO7pJ.ws9n1Trmr8oQ wlaLWb95gSWOjoiGJzErRTPafhHhDOCqwHiqliTN5VhO0HPBiUk213kZqY_E RLi4seQsL4MzkhwB4izqB4gLSDH2pNsYcbkIb7QGgcVDnhdLtMv4cD1CapUd nSazpQLVuD.lyZVHEm5_IQ.VhbM1K052VYTn9LBS.iU4NmwSBM7aBZvZLkIV Lt81fceJL5Migpb2wOMovdGq7J_7kU_.S4p6RgmTIieAmuDIi X-Yahoo-SMTP: UxXxlhuswBC4wbdewolpwSmT1iJVzQ-- Received: from sprat (ma1l1ists@92.27.156.6 with login) by smtp126.mail.ird.yahoo.com with SMTP; 29 Jan 2013 13:15:20 -0800 PST Date: Tue, 29 Jan 2013 21:14:16 +0000 From: Kevin Chadwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] ebtables on Gentoo? In-Reply-To: <510813E7.8000704@orlitzky.com> References: <510813E7.8000704@orlitzky.com> X-Mailer: KeVs Mailer Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: 37424a1d-f108-471e-8688-95a1788431f8 X-Archives-Hash: 62ade7d3ab0b1613f39eb15e17195b46 > So anyway, my memory of this is all very wishy-washy, but ebtables > turned out to be the best way to implement those inter-VM restrictions. > It could probably have been done in iptables, but ebtables made it easy > to say "don't let these two talk." I don;t know the details but I expect that would be a false sense of security and that you would want a secure switch or ssh or ipsec. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________