From: "Eric S. Johansson"
Date: Fri, 06 Jul 2007 05:38:04 -0400
Subject: [Qemu-devel] suitability for extension encapsulation in firewall
Reply-To: qemu-devel@nongnu.org
To: qemu-devel@nongnu.org

I'm looking for a way to encapsulate applications on a firewall (IPCop). My line of reasoning is that an encapsulated extension environment would help protect the integrity of the firewall and give users greater latitude in creating extension applications.

What I would like to do is install qemu as a "virtual server" residing on the DMZ/Orange network with its interface fully controlled by the Orange network firewall rules. I've run qemu and am slightly familiar with the tun/tap setup, but I don't know its relationship to IP tables. Does it sit outside the rules like the raw device, or inside?

On a related topic, is it possible to trigger a shutdown command (or even a reboot) and detect when the virtual machine has stopped running or had its hardware get the reboot signal so I can shut things down cleanly?