tap devices ... restricting IP?
Bakul Shah
bakul at bitblocks.com
Wed Oct 22 05:07:29 UTC 2008
On Wed, 22 Oct 2008 01:01:39 -0300 "Marc G. Fournier" <scrappy at hub.org> wrote:
> Is it possible to assign an IP to a tap device, used by something like QEMU,
> such that someone *inside* the QEMU environment can't modify? Or, if they do
> modify their own IP, the network inside of QEMU will break, as the internal IP
> doesn't match what is attached to tap?
>
> I'm not seeing anything to that effect in the tap manual, but the part talking
> about 'control' seems to indicate that you can do this ...
This is not something the tap driver does for you. But you
can use DHCP to give the qemu machine its own IP address +
setup some firewall rules so that no other IP address can be
sourced from the qemu machine.
More information about the freebsd-net
mailing list