From owner-freebsd-pf@freebsd.org  Sat Aug  6 16:24:11 2016
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 565D9BB0DCE;
 Sat,  6 Aug 2016 16:24:11 +0000 (UTC)
 (envelope-from stdin@niklaas.eu)
Received: from mx.box-hlm-01.niklaas.eu (mx.box-hlm-01.niklaas.eu
 [IPv6:2a02:2770:15:0:21a:4aff:fe1b:d1ad])
 by mx1.freebsd.org (Postfix) with ESMTP id 2776E173A;
 Sat,  6 Aug 2016 16:24:11 +0000 (UTC)
 (envelope-from stdin@niklaas.eu)
Received: from len-t420.klaas (unknown
 [IPv6:2a02:908:d722:7b00:224:d7ff:feec:38e0])
 by mx.box-hlm-01.niklaas.eu (Postfix) with ESMTPSA id 00A1C2C3592;
 Sat,  6 Aug 2016 18:23:48 +0200 (CEST)
Date: Sat, 6 Aug 2016 18:23:43 +0200
From: Niklaas Baudet von Gersdorff <stdin@niklaas.eu>
To: freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: Firewalling jails and lo0
Message-ID: <20160806162343.GE5566@len-t420.klaas>
Reply-To: stdin@niklaas.eu
Mail-Followup-To: freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
References: <20160806155411.GA5289@len-t420.klaas> <57A60D1F.80500@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <57A60D1F.80500@gmail.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Aug 2016 16:24:11 -0000

Ernie Luzar [2016-08-06 12:15 -0400] :

> 
> This bug report will answer your questions for non-vimage jails.
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210049

Thanks a lot. So I stumbled upon a security issue? And the only
way to work around this is by using vimage jails? While vimage
refers to some virtualisation of the network /within/ the jails?

    Niklaas