From: Jamie Lokier
Date: Mon, 9 Nov 2009 19:19:10 +0000
Subject: Re: [Qemu-devel] [PATCH 4/4] Add support for -net bridge
To: Anthony Liguori
Cc: Mark McLoughlin, Arnd Bergmann, Dustin Kirkland, Michael Tsirkin, qemu-devel@nongnu.org, Juan Quintela, Avi Kivity, David Woodhouse
Message-ID: <20091109191910.GE3808@shareable.org>
In-Reply-To: <4AF83896.8030504@us.ibm.com>
References: <1257294485-27015-1-git-send-email-aliguori@us.ibm.com> <1257294485-27015-5-git-send-email-aliguori@us.ibm.com> <1257614967.30774.424.camel@macbook.infradead.org> <4AF5F0A2.8050309@codemonkey.ws> <4AF680FD.5050101@redhat.com> <4AF82524.8080805@us.ibm.com> <20091109153933.GA1073@shareable.org> <4AF83896.8030504@us.ibm.com>

Anthony Liguori wrote:
> You are correct except that I qualified this as NAT with host access
> which so far is the common model. If the host can access the NAT'd
> network behind the NAT, then port privileges are important.

You're right.
This is why QEMU guests should be run inside an LXC container :-)

Or in the general case, a security-conscious net-setup script should ensure general user invocations are limited to admin-decided subnets with admin-decided firewall rules, so that they just look like processes with ordinary access to everything else.

Iptables being what it is, that'd have to be distro-specific and sometimes site-specific.

-- 
Jamie
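The kind of net-setup script described above, written out as an added example; it is not part of this thread and not QEMU's own code. It plays the role of the helper QEMU runs for `-net tap,script=...` (invoked as root, typically via sudo, with the tap device name in `$1`), attaches the tap to a bridge and then installs an admin-decided policy: guests may only source addresses from their own subnet, may only reach the host on admin-listed services (so the host's privileged ports are not reachable just because the guest sits behind NAT), may only forward to admin-listed subnets, and get masqueraded for those. The bridge name, subnets and port list are hypothetical configuration, and the rules are emitted as text so they can be reviewed with `DRY_RUN=1` before anything is applied.

```shell
#!/bin/sh
# Added example, not QEMU code: an "-net tap,script=" helper that confines a
# non-root user's guest to an admin-decided subnet and firewall policy.
# QEMU runs the script as root (typically via sudo) with the tap name in $1.
# All names, subnets and ports below are hypothetical admin configuration.

BRIDGE="${BRIDGE:-br0}"                        # bridge guests are attached to
GUEST_SUBNET="${GUEST_SUBNET:-10.0.2.0/24}"    # addresses guests may use
ALLOWED_DST="${ALLOWED_DST:-192.168.100.0/24}" # subnets guests may reach (space separated)
HOST_PORTS="${HOST_PORTS:-53 67}"              # host UDP services guests may reach (DNS, DHCP)

# $1 comes from an unprivileged QEMU invocation: accept only "tapN" so it
# cannot smuggle extra arguments into the ip/iptables commands below.
valid_ifname() {
    case "$1" in
        tap[0-9]|tap[0-9][0-9]|tap[0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit "iptables -C ... || iptables -A ..." so a rule is added only once,
# however many guests get attached to the bridge.  $1 = table, rest = CHAIN rule...
rule_once() {
    t="$1"; shift
    echo "iptables -t $t -C $* 2>/dev/null || iptables -t $t -A $*"
}

# Print, one command per line, everything needed to attach $1 to the bridge
# and confine the bridge to the admin-decided policy.
rules_for() {
    tap="$1" br="$2" guests="$3" dsts="$4" ports="$5"
    echo "ip link set dev $tap master $br"
    echo "ip link set dev $tap up"
    # Guests may only source addresses from their own subnet (no spoofing a
    # host or LAN address from behind the NAT).
    rule_once filter FORWARD -i "$br" ! -s "$guests" -j DROP
    # Host side: only the admin-listed services, then replies, then nothing.
    for p in $ports; do
        rule_once filter INPUT -i "$br" -p udp --dport "$p" -j ACCEPT
    done
    rule_once filter INPUT -i "$br" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule_once filter INPUT -i "$br" -j DROP
    # Forwarding: guest-to-guest, guest-to-allowed-subnets, replies back in.
    rule_once filter FORWARD -i "$br" -o "$br" -j ACCEPT
    for d in $dsts; do
        rule_once filter FORWARD -i "$br" -s "$guests" -d "$d" -j ACCEPT
    done
    rule_once filter FORWARD -o "$br" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule_once filter FORWARD -i "$br" -j DROP
    rule_once filter FORWARD -o "$br" -j DROP
    # NAT guests towards the allowed subnets only; guest-to-guest stays unmasqueraded.
    rule_once nat POSTROUTING -s "$guests" ! -d "$guests" -j MASQUERADE
}

main() {
    tap="$1"
    if ! valid_ifname "$tap"; then
        echo "refusing to configure '$tap': not a tapN device" >&2
        exit 1
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        rules_for "$tap" "$BRIDGE" "$GUEST_SUBNET" "$ALLOWED_DST" "$HOST_PORTS"
    else
        rules_for "$tap" "$BRIDGE" "$GUEST_SUBNET" "$ALLOWED_DST" "$HOST_PORTS" | sh -e
    fi
}

# From QEMU (hypothetical path):  qemu ... -net tap,script=/etc/qemu-ifup-confined
# Review the policy without touching the host:  DRY_RUN=1 sh /etc/qemu-ifup-confined tap0
if [ -n "${1:-}" ]; then
    main "$1"
fi
```

The script assumes the bridge already exists and that the admin has arranged for unprivileged users to run it (sudo, or a setuid wrapper); the first-match `DROP` rules it installs are what make the "admin-decided" part stick, and as the message says, where those rules live and how they interact with the distro's own firewall setup is distro- and site-specific, so this is a template to adapt rather than something to drop in unchanged.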