Monday, July 23, 2018

Ubuntu UFW layer 2 Security

Hi all,

Not sure if this is the right place to post this, but hoping you can settle a debate for me.

Let's say I set up an Ubuntu 18.04 server and provide no IP configuration to the public NIC. It is the only NIC for the server, so it still has to be 'up', but it doesn't respond to layer 3/IP requests.

On top of it I have a macvtap interface in passthrough mode (connecting to a VPN or something to allow for required access).

My question is this: what security holes are still open? I know that via Layer2 (MAC) I'm still exposed, so is UFW/iptables with 'default deny all incoming' sufficient?


