From: Alex Lyashkov
To: "Christian S.J. Peron"
Cc: hackers@freebsd.org
Date: Tue, 06 Jul 2004 08:25:37 +0300
Subject: Re: [patch] attach ipfw rules to jails
Message-Id: <1089091537.7827.5.camel@berloga.shadowland>
In-Reply-To: <20040705212709.GA70873@freefall.freebsd.org>

On Tue, 06.07.2004, at 00:27, Christian S.J. Peron wrote:
> I have written support for attaching ipfw rules to jails. I am
> looking for some testers/feedback.
>
> http://people.freebsd.org/~csjp/ip_fw_jail.diff
>
> NOTES:
> o Apply the patch
> o cd /usr/src && make includes
> o rebuild your kernel (or just the ipfw module)
> o rebuild the ipfw userspace utility;
>
> Syntax:
>
> ipfw add count ip from any to any jail 1
>
> "jail" takes a numeric argument, a jail ID.
>
> For those of you who don't know, jail IDs can be retrieved using
> the jls(8) utility.
>
> Input would be greatly appreciated.
> Thanks!

Why not port the vimage project to -current? A separated network stack
and firewall rules are much faster than this... If the system does not
have jails, vimage does not add observable overhead to the system.

--
Alex Lyashkov
PSoft