Subject: Re: firewall in domU, bridging or hiding interfaces
To: None <port-xen@netbsd.org>
From: Florian Heigl <floh@deranfangvomen.de>
List: port-xen
Date: 04/21/2006 01:18:50
Hi Joel,

On Thu, Apr 20, 2006 at 09:51:41PM +0200, Joel CARNAT wrote:
> Hi,
> 
> I'm looking at re-building my home-LAN into a one Xen server
> architecture. I plan to do something like "Option B" as described in
> http://lists.xensource.com/archives/html/xen-users/2005-08/msg00315.html

both ways will be ok security-wise:

if You use bridging, simply take care to NOT assign an ip address to
the interface the bridge resides on. For added security, You can set
firewall rules to allow only traffic to/from the address assigned to 
Your firewall domU and even consider using pf's hop count to annihilate
any chance of external spoofing.

personally I'd really prefer assigning the pci interface to the domU,
because it's a cleaner way of doing it and less prone to configuration
errors or failures in dom0.
but, if You search this list's archives You will have to find out
that pci hiding has it's own security problems. if I understood that
discussions right, the / a nic driver allow access to foreign memory 
regions. OTOH I don't know if I understood it at all or if it's still
an issue with 3.0.2 (pci hiding was iirc broken with Xen till 3.0.2)

Regards,
florian