Hi,

I'd like to propose a new option for passt, working title --no-map-host, as a complement to the existing --no-map-gw.

The gap

--no-map-gw prevents the guest from reaching host loopback services via the gateway address mapping, which is useful. However, there is currently no mechanism to prevent the guest from reaching services bound to the host's real external address (e.g. 0.0.0.0:22).

Because passt proxies outbound guest connections as the host user, a connection from the guest to the host's own external IP is transparently forwarded: passt opens the socket on the host side and the connection succeeds. From the perspective of the service being connected to (e.g. sshd), it appears as a local connection.

A concrete example with a typical setup:

  passt -t 2222 --no-map-gw --vhost-user --socket /tmp/passt-vm

ss -tulpn shows:

  tcp   LISTEN   0.0.0.0:22   sshd

From inside the guest, a compromised or untrusted workload can reach sshd directly:

  ssh user@192.168.1.x    # host's external IP, connection succeeds

This also enables VM-to-VM lateral movement when multiple guests share the same host: each guest can reach the others' forwarded ports via the host's external IP. The operator has no indication this is happening.

Services bound to 0.0.0.0 are generally considered "LAN-exposed" rather than "VM-guest-exposed", and this assumption is silently violated.

Proposed option

--no-map-host would cause passt to drop or reject TCP/UDP connections from the guest whose destination matches any of the host's own configured addresses (the same addresses passt already knows about for DHCP/NDP assignment purposes).

An alternative spelling, --map-host-addr none, modelled on --map-host-loopback none, would also be consistent with the existing option naming.

This would stay entirely within passt's existing socket-layer design and require no new privileges.

Why this matters for rootless setups

The primary audience for passt is rootless VM deployments where TAP+bridge (the traditional isolation mechanism) is not available without privilege. In these setups, passt is the only network layer, so operators rely on it to provide whatever isolation is possible. --no-map-gw is a good step in that direction; --no-map-host would close the remaining obvious gap.

Happy to discuss or test patches. Thanks for the project, it's been very useful.

Best,
baleti
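The following is an added example for this thread, not part of the post above and not passt code. It models which host listeners a guest can reach under the four combinations of the existing --no-map-gw and the proposed --no-map-host, by taking ss -tulpn output and the host's own addresses and asking, for each listener, which destination address a guest could use to hit it. The host addresses (192.168.1.10, fd00::10), the gateway (192.168.1.1) and the ss lines are constructed sample data; the policy semantics are assumptions stated in the module docstring (in particular, that the gateway address is forwarded like any other destination once --no-map-gw is set, and that a `::` wildcard listener also accepts IPv4). The functions `classify`, `guest_reachable` and `exposure` are hypothetical names for the illustration, not passt options or internals.

```python
"""Which host listeners can a passt guest reach, with and without --no-map-gw
and the proposed --no-map-host? Added illustration, not passt code.

Assumptions (not taken from the thread):
  - outbound guest flows become plain host sockets, so a destination equal to
    a host address lands on the host itself;
  - the gateway address maps to host loopback unless --no-map-gw is given, in
    which case it is forwarded like any other destination;
  - --no-map-host (proposed) rejects destinations equal to a host address;
  - a `::` wildcard listener also accepts IPv4 (bindv6only=0).
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Listener:
    proto: str   # "tcp" or "udp"
    addr: str    # bind address as printed by ss, brackets removed
    port: int
    proc: str    # process name, or "?" if ss printed none


@dataclass(frozen=True)
class Policy:
    host_addrs: frozenset      # the host's own configured addresses
    gateway: str               # gateway address handed to the guest
    no_map_gw: bool = False
    no_map_host: bool = False  # the proposed option


_PROC = re.compile(r'\(\("([^"]+)"')


def parse_ss(text):
    """Parse `ss -tulpnH`-style lines into Listener records."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5:
            continue
        addr, port = f[4].rsplit(":", 1)
        addr = addr.strip("[]")
        if addr == "*":          # ss may print `*` for the IPv6 wildcard
            addr = "::"
        m = _PROC.search(line)
        out.append(Listener(f[0], addr, int(port), m.group(1) if m else "?"))
    return out


def classify(dst, p):
    """Where a guest flow to `dst` ends up under policy `p`:
    'guest-local', 'loopback', 'host', 'reject' or 'forward'."""
    if ip_address(dst).is_loopback:
        return "guest-local"     # never leaves the guest's own stack
    if dst == p.gateway:
        return "forward" if p.no_map_gw else "loopback"
    if dst in p.host_addrs:
        # The gap from the thread: without --no-map-host this lands on the host.
        return "reject" if p.no_map_host else "host"
    return "forward"


def guest_reachable(listeners, p):
    """Set of (proto, port, proc, via) tuples a guest can hit under `p`."""
    hit = set()
    gw = ip_address(p.gateway)
    gw_loopback = classify(p.gateway, p) == "loopback"
    for l in listeners:
        b = ip_address(l.addr)
        if b.is_unspecified:
            # Wildcard bind: every host address that still maps to the host,
            # plus the gateway address when it maps to host loopback.
            for h in sorted(p.host_addrs):
                if b.version == 4 and ip_address(h).version != 4:
                    continue
                if classify(h, p) == "host":
                    hit.add((l.proto, l.port, l.proc, h))
            if gw_loopback and (b.version == 6 or gw.version == 4):
                hit.add((l.proto, l.port, l.proc, p.gateway))
        elif b.is_loopback:
            # Loopback-only bind: only the gateway mapping can reach it.
            if gw_loopback and b.version == gw.version:
                hit.add((l.proto, l.port, l.proc, p.gateway))
        elif classify(l.addr, p) == "host":
            hit.add((l.proto, l.port, l.proc, l.addr))   # specific host address
    return hit


# Constructed sample, shaped like `ss -tulpnH` output on the host.
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      4096       127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=950,fd=6))
tcp   LISTEN 0      128          0.0.0.0:2222      0.0.0.0:*    users:(("passt",pid=1201,fd=9))
udp   UNCONN 0      0            0.0.0.0:123       0.0.0.0:*    users:(("chronyd",pid=640,fd=4))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
"""
HOST = Policy(frozenset({"192.168.1.10", "fd00::10"}), "192.168.1.1")


def exposure(no_map_gw, no_map_host):
    """Sorted guest-reachable listeners for the sample host under the flags."""
    p = Policy(HOST.host_addrs, HOST.gateway, no_map_gw, no_map_host)
    return sorted(guest_reachable(parse_ss(SAMPLE_SS), p))


if __name__ == "__main__":
    names = ("--no-map-gw", "--no-map-host")
    for flags in ((False, False), (True, False), (False, True), (True, True)):
        print(" ".join(n for n, on in zip(names, flags) if on) or "(defaults)")
        for proto, port, proc, via in exposure(*flags):
            print(f"  {proto}/{port:<5} {proc:<9} via {via}")
```

Run as a script it prints the reachable set for each flag combination. With only --no-map-gw (the setup in the post), the loopback-only postgres listener drops out but sshd, the other guest's forwarded port 2222 and chronyd all remain reachable through 192.168.1.10 and fd00::10; only with both flags does the host-side set become empty. Swapping the sample for real `ss -tulpnH` output and the real `ip addr` list gives the same "what can my guests reach on this host" answer for a live machine.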