Orvar Korvar wrote:
> Ok, so it is impossible to shutdown internet connection to the global zone
> and surf only from the local zones. If I want to surf from the local zones,
> the global zone's NIC must be activated. I suspect a hacker will attack the
> global zone, instead of the local zone that I surf from.
There's no need to assign any addresses to the global zone.
I'm pretty sure there are others (Dan McDonald, probably) who have
experimented with the sort of configuration you're describing.
> Are there any other ways to increase security instead of my original plan
> (shutting down the global zone and surf from local zones)? I am afraid the
> global zone will be attacked...
If you set up the global zone having no interfaces (just lo0), and set
up the non-global zones using the "set ip-type=exclusive" mechanism, the
non-global zones will have networking that's completely independent of
the global zone.
You can't "shut down" the global zone, but you certainly can configure
it so that it doesn't have any available networking interfaces.
James Carlson 42.703N 71.076W <carls...@workingcode.com>
zones-discuss mailing list