run pf or ipfw within a jail?
Julian Elischer
julian at freebsd.org
Sun May 8 06:07:54 UTC 2011
On 5/6/11 11:01 PM, Jack Raats wrote:
> Normally you run the firewall on the host machine not in the jail.
>
Well, that's the whole point of the new virtual networking on jails.
Each jail has its own networking stack and can have interfaces directly
attached that don't come through the "host" machine.
For this reason (and many others) it is possible, and often the required
behaviour, to run a separate firewall for each jail.
ipfw works well, though dummynet doesn't yet,
and you need a special version of pf to do it, which hasn't been
committed yet.
So the answer is: "use ipfw within a 'vnet' jail".
>
> ----- Original Message ----- From: "Mickey Harvey" <mh.unet at gmail.com>
> To: <freebsd-ipfw at freebsd.org>
> Sent: Friday, May 06, 2011 10:29 PM
> Subject: run pf or ipfw within a jail?
>
>
>> Is it possible to run pf or ipfw within a jail? I am running 8.2 and
>> have vimage compiled in the kernel.
>> _______________________________________________
>> freebsd-ipfw at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> To unsubscribe, send any mail to
>> "freebsd-ipfw-unsubscribe at freebsd.org"
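The answer in this thread ("use ipfw within a 'vnet' jail") written out as a command sequence. This is an added example, not part of the original message: the jail name, path, addresses, epair unit and rule numbers are assumed values, and the script only prints the commands unless RUN is set to an empty string.

```shell
#!/bin/sh
# Added example: give a vnet jail its own interface and its own ipfw ruleset.
# Assumes a VIMAGE kernel. All names, addresses and rule numbers are made up.
JAIL=${JAIL-j1}
JPATH=${JPATH-/jails/j1}
UNIT=${UNIT-0}                  # epair unit: creates epair0a (host) / epair0b (jail)
HOST_IP=${HOST_IP-192.0.2.1/24}
JAIL_IP=${JAIL_IP-192.0.2.2/24}
RUN=${RUN-echo}                 # dry run by default; RUN= ./script.sh executes as root

host_setup() {
    # ipfw must exist in the kernel. Its default rule is "deny" unless the
    # kernel is configured otherwise, so the host needs rules of its own too.
    $RUN kldload ipfw
    $RUN ifconfig "epair${UNIT}" create
    $RUN ifconfig "epair${UNIT}a" inet "$HOST_IP" up
    # "vnet" gives the jail a private network stack; "persist" keeps it
    # alive before any process is started inside it.
    $RUN jail -c vnet name="$JAIL" path="$JPATH" host.hostname="$JAIL" persist
    # Move the b side of the pair into the jail's stack.
    $RUN ifconfig "epair${UNIT}b" vnet "$JAIL"
}

jail_firewall() {
    j="$RUN jexec $JAIL"
    $j ifconfig lo0 inet 127.0.0.1/8 up
    $j ifconfig "epair${UNIT}b" inet "$JAIL_IP" up
    # These rules live in the jail's ruleset only; the host's are untouched.
    $j ipfw -q -f flush
    $j ipfw add 100 allow ip from any to any via lo0
    $j ipfw add 200 check-state
    $j ipfw add 300 allow tcp from any to me 22 in via "epair${UNIT}b" setup keep-state
    $j ipfw add 400 allow ip from me to any out keep-state
    $j ipfw add 65000 deny ip from any to any
}

show_rules() {
    # Compare the two rulesets to confirm they are independent.
    $RUN ipfw list
    $RUN jexec "$JAIL" ipfw list
}

host_setup && jail_firewall && show_rules
```

Running `ipfw list` on the host and through `jexec` should show two different rulesets, which is the per-jail separation the reply describes.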