ifconfig: BRDGADD lo1: invalid argument
Alan Somers
asomers at freebsd.org
Sun Jun 26 15:43:55 UTC 2016
On Sun, Jun 26, 2016 at 3:37 AM, <org.freebsd.security at io7m.com> wrote:
> Hello.
>
> On 2016-06-25T18:13:18 -0600
> Alan Somers <asomers at freebsd.org> wrote:
>
>> On Sat, Jun 25, 2016 at 4:05 PM, <org.freebsd.security at io7m.com> wrote:
>> > I'm not using vnet jails. I'm actually just trying to get filtering of
>> > outbound traffic (see the other mail I sent to this list a few seconds
>> > before you responded).
>>
>> Based on my experience, I highly recommend vnet jails if you want
>> outbound filtering. It's much simpler than trying to filter outbound
>> traffic from shared-IP jails.
>
> I'm trying to look at vnet jails, but they still seem to be mostly
> undocumented and not entirely supported. Lots of fairly recent posts
> online regarding panics in day-to-day use. Using them in production
> seems risky. Is there something I should be looking at in particular?

I'm not sure how many known bugs they have. Adrian Chadd (adrian@) is
the best person to ask.

>
> When you say shared-IP jails, what exactly are you referring to? I'm
> not sure what's shared in this case; I have one public IP (it's a VPS)
> but individual jails are on their own private loopback addresses.

A shared-IP jail is the traditional, non-vnet type. You assign an
alias address to one of the host's network interfaces, and then assign
that address to the jail. It's called "shared-IP" because both host
and jail can see a network interface with that IP address.

>
> M