Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 13 Dec 2018 12:35:05 +0100
From:      Goran =?utf-8?B?TWVracSH?= <meka@tilda.center>
To:        Kristof Provost <kp@freebsd.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: VNET jails and PF service
Message-ID:  <20181213113505.7utf6ddl3rkr7zsd@hal9000.home.meka.rs>
In-Reply-To: <20181213083012.GA49515@vega.codepro.be>
References:  <20181213000232.vk4qoapuqyqly2jx@thinker.home.meka.rs> <20181213083012.GA49515@vega.codepro.be>
next in thread | previous in thread | raw e-mail | index | archive | help 

--zlry4lfd4z44kbzd
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Dec 13, 2018 at 09:30:12AM +0100, Kristof Provost wrote:
> On 2018-12-13 01:02:32 (+0100), Goran Meki=C4=87 <meka@tilda.center> wrot=
e:
> > I can't start PF as service from vnet jail. I have devfs rule to unhide
> > bpf (for dhclient) and pf that the jail is using. I can run "pfctl -e -f
> > /etc/pf.conf" but "service pf start" fails with:
> >
> > kldload: can't load pf: Operation not permitted
> > /etc/rc.d/pf: WARNING: Unable to load kernel module pf
> >
> Yes, jails can't load kernel modules, for obvious reasons.
> Your host needs to load the pf module, then the jail will be able to use
> it.

I did load it on the host, that's why "pfctl -e -f /etc/pf.conf" works
in the jail, but "service pf start" doesn't.

--zlry4lfd4z44kbzd
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1WIFkXy2ZeMKjjKEWj1TknovrLYFAlwSQ+UACgkQWj1Tknov
rLb/Kg/+JBEJSxZpSSKDEd4r/tcWuNEYmLFUFeq5878de8tiPF9A7CmbsZlJxj+V
cPZ8uZ2IqRU1OO7Gd33qOPr2TbePg+CPMhpZUxdHkT9fFMjI8JlijJIFWwtSxrJs
yg8tRvkOojmJ8du82NSOO22q5zrukYosQBUOT0MtIbRrTE5CAKtF+vWcMI3oJmX7
A3ZA08TTnf7psNx+XixtT2wbu0QJDHqWT7HVb4EqrIAblH8Os9S9JoIkdazdCZ7C
IZEGag52mRDLvV7TLQP5vQNTz4VeXxgDmobUWoXHsVdSLg/F1Nle0TEDlihi4Wro
fDT7u4QwgEo9U9mTYq4B/qsENa2/ol4sCTqlRUtPJVQudI2HTmx3XRTo5YO8Ioui
6FdBhlitOltl5qjOO6yNkoEUznwjHTfgYjfrW6MtjcQabcP83YJ7nRe3Z+XnaTpt
UP2b5qbXyX1YTBAPUrNS4/kD4u5ZPfolXLPwLG5qmI8iIvI/lqF3i9xRxQPqi02g
FO+/hgl5kmwuXALoo2GIQ/+bsurZjvi7suv+xeX8jqhdm2Gaqf/qDS2GjJfsxLcX
bEkc/NHQvtL+p6Lo4BSlHrVKJmhBUdr8xBvq5SZN5raPN4f25MklPZgTJH5W9phe
L73VETKmidIf5kxKo8vcJF2s5d+pcQf9UPObZwaRW8me2xHFK80=
=CoDI
-----END PGP SIGNATURE-----

--zlry4lfd4z44kbzd--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181213113505.7utf6ddl3rkr7zsd>