Date: Thu, 18 Sep 2014 07:34:23 -0500
From: Mark Felder <feld@FreeBSD.org>
To: freebsd-questions@freebsd.org
Subject: Re: jails, IPS and firewalls, oh my!
Message-ID: <1411043663.650970.168986121.79B70425@webmail.messagingengine.com>
In-Reply-To: <5419A071.2080800@tysdomain.com>
References: <5419A071.2080800@tysdomain.com>

On Wed, Sep 17, 2014, at 09:53, Littlefield, Tyler wrote:
>
> So, on the advice of others who know BSD a lot more than I do I tried a
> few things. Mainly I assigned the IP to a jail and tried to firewall it
> off. The IP address though still is being used by em0, which means that
> even if I open port 80 it will point to my main server and not the jail.
>

But the process listening on port 80 is in the jail, which is really all that matters in this scenario. It's possible for you to assign an IP to the jail and have zero services outside the jail listening on that IP. This should cover your concerns as well.

If you really want an "interface" that is only assigned to the jail you'll have to look at using VNET jails. Failing that, perhaps run a full FreeBSD bhyve VM instead?
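An added example, not part of the original message: one way to check the "zero services outside the jail listening on that IP" condition is to join saved `sockstat -4 -l` output with `ps -axo pid,jid` output from the host and report listeners owned by host processes (JID 0) that are bound to the jail's address or to the wildcard. The function name, the address 192.0.2.10, the PIDs and jail ID 3 are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message). Sample data is constructed.

# host_listeners_on_ip IP SOCKSTAT_FILE PS_FILE
#   SOCKSTAT_FILE: saved output of `sockstat -4 -l` taken on the host
#   PS_FILE:       saved output of `ps -axo pid,jid` taken on the host
# Prints "COMMAND PID LOCAL" for every listener owned by a host process
# (JID 0) that is bound to IP itself or to the wildcard address.
host_listeners_on_ip() {
    awk -v ip="$1" '
        # First file (ps): record each PID and its jail ID, skipping the header.
        NR == FNR { if (FNR > 1) jid[$1] = $2; next }
        # Second file (sockstat): USER COMMAND PID FD PROTO LOCAL FOREIGN
        FNR == 1 { next }
        {
            n = split($6, part, ":")
            port = part[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (($3 in jid) && jid[$3] == 0 && (addr == ip || addr == "*"))
                print $2, $3, $6
        }
    ' "$3" "$2"
}

# Constructed sample: jail 3 holds 192.0.2.10, nginx runs inside it.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       712   4  tcp4   *:22                  *:*
www      nginx      1530  6  tcp4   192.0.2.10:80         *:*
root     sendmail   801   3  tcp4   127.0.0.1:25          *:*
root     syslogd    640   7  udp4   *:514                 *:*
EOF
}

sample_ps() {
    printf '%s\n' ' PID JID' ' 640   0' ' 712   0' ' 801   0' '1530   3'
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_sockstat > "$tmp/sockstat.txt"
    sample_ps > "$tmp/ps.txt"
    host_listeners_on_ip 192.0.2.10 "$tmp/sockstat.txt" "$tmp/ps.txt"
    rm -rf "$tmp"
}

demo
```

An empty result means no host process listens on the jail's address. Wildcard entries are host daemons that still answer on it and need to be bound to a specific host address instead.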