As I recently discovered, you cannot run a software firewall of any kind inside a solaris container. Everything else about SmartOS seems quite great to me, but my evaluation term was limited.
Actually that is not the case.
In SmartOS you have two options for networking. You can run a zone in "IP exclusive" mode which will give the zone full control over its networking stack. This means you can run a firewall or even change the IP addresses, etc from within the zone. SmartOS makes that apply to VMs as well. There are also anti-spoof mechanisms built into the OS to ensure that you dont get unfriendly neighbours.
