Hi community,
we want to use the private VLAN technology, but we have some doubts about the layer 3 security.
There are 3 hosts (1 promiscuous [P1], which should later be a firewall limiting traffic between the two VLANs, and 2 in an isolated secondary VLAN [I1 & I2]).
I1 & I2 can't communicate directly with each other.
The problem is that if I1 takes the IP of I2, I1 will be able to use the firewall rules of I2.
Incoming traffic can be limited/secured by using static ARP tables on P1 and rejecting MAC address changes on the VDS.
Outgoing traffic can be limited/secured by using the MAC addresses in iptables.
But I don't believe that this procedure is the best, and I want to know how you solved the security issues on layer 3.
Thank you for your help and best regards
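The setup described in the question (static neighbor entries on P1 plus iptables rules that only accept an isolated host's IP when it arrives from that host's MAC), as an added example script for the promiscuous host P1; it is not from the post. The interface name, addresses and MACs are constructed placeholders, and commands are only printed unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example: pin each isolated host's IP to its MAC on the promiscuous
# firewall host P1, so I1 presenting I2's IP does not inherit I2's rules.
# Assumed/constructed values: interface and the binding table below.
IFACE="${IFACE:-eth1}"
ISOLATED_NET="10.10.20.0/24"
BINDINGS='10.10.20.11 02:00:00:00:00:11
10.10.20.12 02:00:00:00:00:12'

# Print the command unless APPLY=1, so the script can be reviewed first.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Incoming side: permanent neighbor entries so P1 never learns a spoofed
# IP-to-MAC mapping from ARP replies sent by the other isolated host.
pin_neighbors() {
  printf '%s\n' "$BINDINGS" | while read -r ip mac; do
    [ -n "$ip" ] || continue
    run ip neigh replace "$ip" lladdr "$mac" nud permanent dev "$IFACE"
  done
}

# Filtering side: a chain that lets a packet through (RETURN) only when its
# source IP and source MAC match a known binding; anything else from the
# isolated subnet is logged (for detection) and dropped.  This only holds
# if the switch/VDS also rejects MAC changes, as the question already notes.
enforce_bindings() {
  run iptables -N PVLAN_BIND
  run iptables -F PVLAN_BIND
  printf '%s\n' "$BINDINGS" | while read -r ip mac; do
    [ -n "$ip" ] || continue
    run iptables -A PVLAN_BIND -s "$ip" -m mac --mac-source "$mac" -j RETURN
  done
  run iptables -A PVLAN_BIND -j LOG --log-prefix "PVLAN-SPOOF "
  run iptables -A PVLAN_BIND -j DROP
  # Hook the chain in front of the per-host rules for traffic to P1 itself
  # and for traffic P1 forwards between the VLANs.
  run iptables -I INPUT   -i "$IFACE" -s "$ISOLATED_NET" -j PVLAN_BIND
  run iptables -I FORWARD -i "$IFACE" -s "$ISOLATED_NET" -j PVLAN_BIND
}

main() { pin_neighbors; enforce_bindings; }
```

Run `sh script.sh` to review the generated commands and `APPLY=1 sh script.sh` as root to apply them; the per-host firewall rules then follow after the PVLAN_BIND hook.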