Date:      Thu, 09 Sep 2010 13:57:58 -0700
From:      Julian Elischer <julian@elischer.org>
To:        "Luiz Gustavo S. Costa" <luizgustavo@luizgustavo.pro.br>
Cc:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, FreeBSD virtualization mailing list <freebsd-virtualization@freebsd.org>
Subject:   Re: [patch] allow testing VIMAGE with pf in base system only
Message-ID:  <4C894A56.7040109@elischer.org>
In-Reply-To: <AANLkTikheuZs=qNw24Hr8vJ3A1Qo%2Bk-0eHW=cb2c17qi@mail.gmail.com>
References:  <20100907164529.O31898@maildrop.int.zabbadoz.net> <AANLkTikheuZs=qNw24Hr8vJ3A1Qo%2Bk-0eHW=cb2c17qi@mail.gmail.com>

On 9/9/10 12:22 PM, Luiz Gustavo S. Costa wrote:
> Hi Bjoern,
>
> I just performed tests with your patch and it worked very well! thanks
> for the patch ...
>
> But I found something that may be unsafe within the jail environment,
> I'm allowed to change /dev/pf, so that if I run a "pfctl -f
> /etc/pf.conf" inside the jail to do with that the rules are read
> again, killing pf.conf on the main environment


There is a version of pf in the wings that actually knows about jails.
This change is not to be confused with that.

>
> FreeBSD gugabsd.xxxx.com.br 8.1-STABLE FreeBSD 8.1-STABLE #1: Thu Sep
> 9 14:31:43 BRT 2010
> root@gugabsd.xxxx.com.br:/usr/obj/usr/src/sys/GENERIC  i386
>
> Thanks
>
> 2010/9/7 Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>:
>> Hey,
>>
>> in a way to work on something I needed to be able to at least load pf
>> on my VIMAGE development machine.  So I quickly hacked together a
>> patch that does exactly that.  I hope it'll apply to HEAD or stable/8
>> but I didn't test on either.
>>
>> This will NOT allow you to use pf with jails+vnet but should allow
>> using pf in the base system even if VIMAGE is enabled.  In case it
>> still panics for you, let me know and include a backtrace in your
>> report.
>>
>> http://people.freebsd.org/~bz/20100907-01-pf-vnet0.diff
>>
>> /bz
>>
>> --
>> Bjoern A. Zeeb                              Welcome a new stage of life.
>> _______________________________________________
>> freebsd-virtualization@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
>> To unsubscribe, send any mail to
>> "freebsd-virtualization-unsubscribe@freebsd.org"
>>
>
>
>



