Date:      Sat, 07 May 2011 22:49:37 -0700
From:      Julian Elischer <julian@freebsd.org>
To:        Jack Raats <jack@jarasoft.net>
Cc:        freebsd-ipfw@freebsd.org, Mickey Harvey <mh.unet@gmail.com>
Subject:   Re: run pf or ipfw within a jail?
Message-ID:  <4DC62EF1.6050800@freebsd.org>
In-Reply-To: <80DC3A23AD6C467E8523B68F1F47DC1D@jarasc430>
References:  <BANLkTimD4zEB4JSKG5Kt3%2Bnr5AY9xYG_0A@mail.gmail.com> <80DC3A23AD6C467E8523B68F1F47DC1D@jarasc430>

On 5/6/11 11:01 PM, Jack Raats wrote:
> Normally you run the firewall on the host machine not in the jail.
>
well that's the whole point of the new virtual networking on jails.
each jail has its own networking stack and can have interfaces directly
attached that don't come through the "host" machine.

for this reason (and many others) it is possible, and often the required
behaviour, to run a separate firewall for each jail.

ipfw works well though dummynet doesn't yet.
and you need a special version of pf to do it which hasn't been committed yet.

So the answer is: "use ipfw within a 'vnet' jail".

>
> ----- Original Message ----- From: "Mickey Harvey" <mh.unet@gmail.com>
> To: <freebsd-ipfw@freebsd.org>
> Sent: Friday, May 06, 2011 10:29 PM
> Subject: run pf or ipfw within a jail?
>
>
>> Is it possible to run pf or ipfw within a jail? I am running 8.2 and have
>> vimage compiled in the kernel.
>> _______________________________________________
>> freebsd-ipfw@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"



