vnet & firewalls in 12.0
Michael Zhilin
mizhka at gmail.com
Thu Oct 18 19:16:15 UTC 2018
Hi Ernie,
On Thu, Oct 18, 2018 at 9:36 PM Ernie Luzar <luzar722 at gmail.com> wrote:
> Wanting to get a head start on using 12.0 and vnet jails with in-jail
> firewall.
>
> 1. Will Vimage be compiled as a module in the 12.0 kernel and be
> included in the base system release?
>
I suppose it's part of the GENERIC kernel configuration.
> 1.a. Has the boot time console log message about vimage being "highly
> experimental" been removed?
>
I don't see such a notification in dmesg. 12-ALPHA3
> 2. Has the pf firewall been fixed so it can now run in a vnet jail or
> multiple vnet jails without concern for which firewall is running on
> the host?
>
> 2.a. Is each vnet/pf log only viewable from its vnet jail console?
>
> 2.b. Will pf/kernel module auto load on first call from a vnet jail?
>
> 2.c. Does vnet/pf NAT work?
>
> 3. Does the ipfw firewall still have the 11.x release mandatory
> requirements that the host must also be running ipfw for the vnet jailed
> ipfw to work?
>
> 3.a. Are all vnet/ipfw log messages still intermixed with the host's
> ipfw log messages?
>
> 3.b. Does vnet/ipfw NAT work?
>
I use NAT via netgraph+ipfw. It works fine (why not?). I'm patching "jng"
to add a "nat" feature.
> 4. Has any work been done to ipf (ipfilter) so it will function when
> used in a vnet jail?