This is a good catch,
This kind of thing is exactly why one should be very hesitant to put
any type of monolithic obfuscated interposer between security and bare
metal. I do use VMs for point-of-entry firewalling, rather than an
application container, and those VMs are configured to absorb t
I have a hyper-paranoid least-privilege security design on my network.
I use a layer-3 switch with each port as its own VLAN, and the 10GbE
uplinks as VLAN trunks. Since the individual devices do not "see" the
VLAN assignment (since it's done at the switch and above), all traffic
runs through the
users] Restricting intra-LAN traffic
> On 23/02/2018 18:34, Tim S wrote:
>> [...]
>> If you do run out, simply
>> spawning another Shorewall VM and trunking the policy pools between
>> Shorewall VMs takes care of that.
>
> Hi Tim,
>
> could you slight