Re: pf for netgraph jails?
- In reply to: Palle Girgensohn : "pf for netgraph jails?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 31 Oct 2024 21:04:59 UTC
W dniu 16.10.2024 o 16:19, Palle Girgensohn pisze: > Hi! > > Using FreeBSD-14.1, I have a rather simple setup with jails using > netgraph (using the `/usr/share/examples/jails/jng` script and "model"). > (...) > I assume I'm doing some simple mistake here, but find very little > information wrt the combo of netgraph, pf and jails. Any tips? I tried > configuring pf to work on the bridge interface but no difference. > What am I missing here? Hello Pale, I am afraid that you won't be able to easily pair PF(4) with Netgraph(3), but there are are probably at least two solutions you can deploy: ng_ipfw(4) and ng_bpf(4). Please also take a look at simple but very promising and innovative rc.d script proposed by Ivan Rozhuk[1]. 1. https://reviews.freebsd.org/D30175 -- Marek Zarychta