Building a Hypervisor Firewall with nftables and Rust

Explore the intricacies of building a hypervisor firewall using nftables and Rust in this informative conference talk by Stefan Hanreich from Proxmox Server Solutions. Begin with a brief introduction to nftables and Linux network virtualization before delving into the creation of complex rulesets using nftables' built-in data structures. Learn how to implement zone-based firewalling by leveraging the nftables bridge family, with a focus on virtualized network environments common in hypervisors. Conclude by discovering how to utilize Rust for interfacing with nftables via JSON, using the provided nftables-json schema to programmatically create firewall rules. Gain valuable insights into securing hypervisors and their guests from internal and external threats through this comprehensive exploration of firewall implementation techniques.

Building a Hypervisor Firewall with nftables and Rust - Stefan Hanreich, Proxmox Server Solutions