[Bug 217177] sysutils/qjail [Maintainer update] reworked vnet function
bugzilla-noreply at freebsd.org
Fri Feb 17 16:25:58 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217177
Bug ID: 217177
Summary: sysutils/qjail [Maintainer update] reworked vnet function
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: qjail at a1poweruser.com
CC: qjail1 at a1poweruser.com
Attachment #180083 Flags: maintainer-approval+
Flags: maintainer-feedback?(qjail1 at a1poweruser.com)
Created attachment 180083
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180083&action=edit
updated port make files diff
qjail-5.1 change log.
1. Release 11.0 activated fortune tips at user login time. I disabled it.
When creating the sharedefs filesystem at "qjail install" time, the fortune
file /usr/bin/fortune is renamed, so logging into an account in a jail
no longer generates the tip message. Done 01/5/2017
2. Edit qjail.8 man page adding info about NAT forwarding by ip address
and port number to target traffic to the desired jail. Done 01/5/2017
3. Re-wrote qjail-howto.8; it now shows an example of how to drive public
traffic to a jail based on port number and NAT forwarding. Done 1/5/2017
4. 2/1/2017 I received an email from Shuto Imai, who is a security engineer
living in Japan. He suggested a different method of configuring vnet jails.
He customized the qjail script and the qjail.vnet.be script so the ipv4 ip
address entered on the create command gets used as the vnet jail access ip
address, and also changed the list command to show the ipv4 ip address on
the list display for vnet jails. He provided a diff that I patched qjail-5.0
with to really understand what his different method was all about. Using
that as a starting point I rewrote just about everything dealing with vnet
configuration, and how it is shown by the list command. The following items
are the details.
A. The create command ipv4 & ipv6 ip addresses are now used as the
connection ip address on the epairb that bridges the vnet jail to
the host system.
B. Discarded the bridge/epair method that used the qjail.vnet.be script.
C. Changed the vnet jail config method so the -w and -v command options
can now be coded together on the same command request.
D. Changed the build_config_def routine in what exec.start variable
content is populated for vnet jails.
E. Moved the bridge/epair logic from the qjail.vnet.be script to the
qjail script start/stop routine.
F. Changed the way firewalls are checked at vnet jail start time
to verify the host is running the same firewall as the vnet jail.
G. Changed the way the list command shows vnet jails. The status field
now contains some new content. A "V" is displayed for a vnet jail.
Numbers are shown to indicate which firewall is being used by that
vnet jail. 0=none, 1=ipfw, 2=pf, 3=ipf
5. Changed qjail.8 manual to address the new way vnet jails are handled.
6. Wrote the new qjail-vnet-howto.8 manual.
7. Wrote the new qjail-ipv6-testing.8 manual.
8. Fixed the way "config -V" function removed vnet jail status.
9. For vnet jails corrected the method of assigning multiple ipv4
ip addresses.
10. For vnet jails corrected the method of assigning multiple ipv6
ip addresses.
11. Added code to "config -b" rule logic to add qjail-bpf.ruleset
rule number 50 to the host system on first use.
12. Changed qjail.8 "GENERAL QJAIL USAGE TIPS" section adding
information about rule 50 usage.
13. Changed qjail.8 "config -b" section adding information about
rule 50 usage.