Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 24 Apr 2013 17:54:47 +0000
From:      "Teske, Devin" <Devin.Teske@fisglobal.com>
To:        "Robison, Dave" <Dave.Robison@fisglobal.com>
Cc:        "<freebsd-jail@freebsd.org> Jail" <freebsd-jail@freebsd.org>
Subject:   Re: How to start a firewall in a vimage jail
Message-ID:  <13CA24D6AB415D428143D44749F57D7201F1DE32@ltcfiswmsgmb21>
In-Reply-To: <5178175E.5020604@fisglobal.com>
References:  <517812D4.2010304@a1poweruser.com> <5178175E.5020604@fisglobal.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Apr 24, 2013, at 10:33 AM, Robison, Dave wrote:

> On 04/24/2013 10:13, Joe wrote:
>> Hello
>>=20
>> I am having a very difficult time getting pf firewall to start in a vima=
ge jail on 9.1-RELEASE.
>>=20
>> Is this at all possible?
>>=20
>> If this can be done, would you please share the details on how it's done?
>>=20
>> Thanks
>> _______________________________________________
>> freebsd-jail@freebsd.org mailing list
>> https://urldefense.proofpoint.com/v1/url?u=3Dhttp://lists.freebsd.org/ma=
ilman/listinfo/freebsd-jail&k=3D%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=3DLTz=
UWWrRnz2iN3PtHDubWRSAh9itVJ%2BMUcNBCQ4tyeo%3D%0A&m=3DC%2FNtPOiMS1MDnvEsxdWt=
LnuOvaAqSHCxjciQ4EbMTBs%3D%0A&s=3D8baced3c49e32d315284bbcd4172014b4b14c4489=
3c7cf3458b8433afa3c2f1f
>> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>>=20
>>=20
>=20
> Vimage doesn't yet support PF. IPFW works, however.
>=20

Although one can successfully compile a kernel that has both the VIMAGE opt=
ion and "device pf" enabled, I've never tried pf inside a vimage.

Maybe someone with some good pf experience can give it a go.

I know ipfw works all the way.

And as we (Joe and I) explored already, a kernel with IPFILTER option (for =
ipf) will not work with VIMAGE (kernel panic at boot).
--=20
Devin

_____________
The information contained in this message is proprietary and/or confidentia=
l. If you are not the intended recipient, please: (i) delete the message an=
d all copies; (ii) do not disclose, distribute or use the message in any ma=
nner; and (iii) notify the sender immediately. In addition, please be aware=
 that any message addressed to our domain is subject to archiving and revie=
w by persons other than the intended recipient. Thank you.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13CA24D6AB415D428143D44749F57D7201F1DE32>