Date: Sun, 9 Aug 2020 06:50:54 +0200 From: Joachim Durchholz <jo@durchholz.org> To: freebsd-virtualization@freebsd.org Subject: Re: Restricting IP ranges for guests over tap devices Message-ID: <11e184c2-29a3-275f-a1ee-c032f7ad0bb2@durchholz.org> In-Reply-To: <7acfc19f-f58f-ed55-0ed5-162c3ef23d87@quip.cz> References: <20200801145144.7bf342d9@sunflower.int.arc7.info> <CACLnyCLNtcR0Aa2aO6hUMmW1S%2B41EdrhmtcfERJ3y2Lgxq_dcg@mail.gmail.com> <7acfc19f-f58f-ed55-0ed5-162c3ef23d87@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 02.08.20 um 14:45 schrieb Miroslav Lachman: > For me the more serious issue is that malicious guest can assign IP of > another guest or the main host and cause some collisions or > malfunctions. I am looking for the right solution for a long time. As of FreeBSD 12, you can put Bhyve into a jail. Jails can use VNETs, which can be configured for restricted IPs. https://forums.freebsd.org/threads/bhyve-inside-jails-why.69109/ talks about this. Disclaimer: I don't use bhyve so I don't know how accurate the postings are. Regards, Jo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?11e184c2-29a3-275f-a1ee-c032f7ad0bb2>