OpenVZ Forum


Home » General » Support » Networking, security
Re: Networking, security [message #37423 is a reply to message #37421] Tue, 08 September 2009 16:24 Go to previous messageGo to previous message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

andreas2 wrote on Tue, 08 September 2009 18:55
As I understood veth is a brigde, so all clients can listen to whole traffic.


From vzctl man page:
       --mac_filter on|off
           Enables/disables  MAC  address  filtering  for  the  Container veth
           device and the possibility of configuring the MAC address  of  this
           device from inside the Container. If the filtering is turned on:
           *  the  veth  device  accepts  only  those  packets that have a MAC
           address in their headers  corresponding  to  that  of  this  device
           (excluding all broadcast and multicast packets);
           *  it  is impossible to modify the veth MAC address from inside the
           Container.
           By default, this functionality is  enabled  for  all  veth  devices
           existing inside the Container.


Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png
 
Read Message
Read Message
Read Message
Previous Topic: Compiling for Kernel 2.6.30
Next Topic: PCI Passthrough
Goto Forum:
  


Current Time: Thu Jul 24 21:24:07 GMT 2025

Total time taken to generate the page: 0.31355 seconds