Date: Mon, 18 Oct 2010 21:31:07 +0100
From: Ermal Luçi <eri@freebsd.org>
To: Julian Elischer <julian@freebsd.org>
Cc: virtualization@freebsd.org
Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5
Message-ID: <AANLkTi=tzBX0mLabgd3TB2NW%2B7jU_RVpHni6RJc0j-jd@mail.gmail.com>
In-Reply-To: <4CBC986C.30205@freebsd.org>
References: <AANLkTinXNRKSwjuOeQkDTANhSSbHYHZnf4SvaFHbEdrg@mail.gmail.com> <4CBC986C.30205@freebsd.org>

On Mon, Oct 18, 2010 at 7:56 PM, Julian Elischer <julian@freebsd.org> wrote:
>  On 10/18/10 11:10 AM, Ermal Luçi wrote:
>>
>> Hello,
>>
>> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
>> pf(4) as of OpenBSD 4.5 version.
>> The patch is against HEAD.
>> After OpenBSD 4.5 the syntax has changed and this is the reason for
>> such an 'old' version patch.
>>
>> After importing this one the work will go on the newest version and
>> decisions on it will then be done.
>>
>> Be aware that this patch has even support for VIMAGE/VNET.
>> It will enable you to run pf(4) with[in] jails+vnets or just vnets
>> themselves with separate rulesets
>> and policies.
>> pfsync(4) can be loaded as a module also with this patch.
>
> hooray!
>
> what to do with pfsync is the question..  we don't yet have devfs-per-jail
>  but I think that's probably something we
> should work on pretty soon.
> I guess /dev/pfsync could only give you stuff from your own jail/vnet but I
> don't use it so I'm not sure how it works.

AFAIK pfsync(4) is not a devfs consumer.
It's just a wrapped up in-kernel packet generator glued to ifnet interface.
So you should be able to run a failover scenario on 2 jails through pfsync(4).

>
>> Feedback is very welcome.
>>
>> Regards,
>
>

-- 
Ermal