Date: Tue, 21 Oct 2008 21:49:01 -0700 From: Bakul Shah <bakul@bitblocks.com> To: "Marc G. Fournier" <scrappy@hub.org> Cc: freebsd-net@freebsd.org Subject: Re: tap devices ... restricting IP? Message-ID: <20081022044901.E92635B29@mail.bitblocks.com> In-Reply-To: Your message of "Wed, 22 Oct 2008 01:01:39 -0300." <AAF0D5CFDA1476A1AF36A900@ganymede.hub.org> References: <AAF0D5CFDA1476A1AF36A900@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 22 Oct 2008 01:01:39 -0300 "Marc G. Fournier" <scrappy@hub.org> wrote: > Is it possible to assign an IP to a tap device, used by something like QEMU, > such that someone *inside* the QEMU environment can't modify? Or, if they do > modify their own IP, the network inside of QEMU will break, as the internal IP > doesn't match what is attached to tap? > > I'm not seeing anything to that effect in the tap manual, but the part talking > about 'control' seems to indicate that you can do this ... This is not something the tap driver does for you. But you can use DHCP to give the qemu machine its own IP address + setup some firewall rules so that no other IP address can be sourced from the qemu machine.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081022044901.E92635B29>