hi,

> You're aware that PCI passthrough is insecure? Someone who gets root
> access to a guest can reprogram the NICs (trivially) to read or write
> any area of memory in any guest or the dom0. This might be pertinent
> information if you were expecting your firewall to provide isolation.

nope. 1st i'm hearing of it ... not that i haven't looked :-/

sigh.

hrm. so, although this is "just" a RH/Fedora forum, but xen focussed, let me then ask ...

i *want* a distro with

-- X86_64/SMP (AMD multicore) support
-- Xen 3.2.x builds & runs both in Dom0 & DomU
-- capable of deploying a FW in DomU that does not suffer NIC-performance degradation
   -- or (apparently) security holes
-- stable core that'll keep us 'supported' (e.g., *not* the Fedora scenario i'm now facing; feature-incomplete until, perhaps, F10+, @ which point F8 -- which we're "stuck" on is unsupported)
-- app repos (rpm, srpm, other ...) that are safe/available/reliable for full releases (one example, Bind 9.4.2, which seems to be tough to find for RHEL/Centos 5.1)

*can* i (yet) "have it all"? iiuc, "no" ....

--
Fedora-xen mailing list
Fedora-xen@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-xen