Orvar Korvar wrote: > Ok, so it is impossible to shutdown internet connection to the global zone > and surf only from the local zones. If I want to surf from the local zones, > the global zone's NIC must be activated. I suspect a hacker will attack the > global zone, instead of the local zone that I surf from.
There's no need to assign any addresses to the global zone. I'm pretty sure there are others (Dan McDonald, probably) who have experimented with the sort of configuration you're describing. > Are there any other ways to increase security instead of my original plan > (shutting down the global zone and surf from local zones)? I am afraid the > global zone will be attacked... If you set up the global zone having no interfaces (just lo0), and set up the non-global zones using the "set ip-type=exclusive" mechanism, the non-global zones will have networking that's completely independent of the global zone. You can't "shut down" the global zone, but you certainly can configure it so that it doesn't have any available networking interfaces. -- James Carlson 42.703N 71.076W <carls...@workingcode.com> _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org