Further problems with systemd-resolved on xubuntu 17.04
Xen
list at xenhideout.nl
Wed Jun 7 12:08:09 UTC 2017
Chris Green schreef op 07-06-2017 13:42:
> Yes, it is all rather messy at the moment and I'd really prefer to
> make it simpler. Complex security is a bad thing.
>
> If I can simply make guests 'see' *only* the outside world then they
> won't get local DHCP (or DNS) and all will be well.
Yeah I had just changed the firmware on a Fonera router to OpenWrt, and
then employed these rules.
I believe all it required was a pre-routing rule or post-routing, I
don't remember,
that said:
if the destination is my local subnet, deny
if the destination is everything else, allow.
oh that was a forward chain.
data was then forwarded to the main router, visible to the access point,
but not to the clients.
like a drop of rain gliding past an energy barrier ;-).
More information about the ubuntu-users
mailing list