VNET jails and PF service
Kristof Provost
kp at freebsd.org
Thu Dec 13 08:30:15 UTC 2018
On 2018-12-13 01:02:32 (+0100), Goran Mekić <meka at tilda.center> wrote:
> I can't start PF as a service from a vnet jail. I have a devfs rule to unhide
> bpf (for dhclient) and pf that the jail is using. I can run "pfctl -e -f
> /etc/pf.conf" but "service pf start" fails with:
>
> kldload: can't load pf: Operation not permitted
> /etc/rc.d/pf: WARNING: Unable to load kernel module pf
>
Yes, jails can't load kernel modules, for obvious reasons.
Your host needs to load the pf module, then the jail will be able to use
it.
Regards,
Kristof