Re: testing 11.0-RC1 vnet jails with ipfilter

2016-08-15 Thread Bjoern A. Zeeb

On 15 Aug 2016, at 15:37, Ernie Luzar wrote:


Hello list;

Running 11.0-RC1 with only option vimage compiled into the generic 
kernel.


I can run ipfilter on the host and start vnet jails containing no 
firewalls just fine. But when I try to also have ipfilter run in the 
vnet jail nothing happens. I added this to the vnet jail's rc.conf:

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.boot.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"

Then start the vnet jail and it's like those ipfilter statements in the 
vnet jail's rc.conf are not there. The vnet jail's /var/log/messages 
file is not even there. Issuing "ipfstat" inside the running vnet jail 
to display the jail's ipfilter rules gives this error message: 
"open(IPSTATE_NAME): No such file or directory". 
To me this means ipfilter is not running in the vnet jail even though 
I requested it in the vnet jail's rc.conf file.


So my question to this list is, has anyone managed to get ipfilter to 
run inside a vnet jail using any of the 11.0 alpha, beta, or rc 
versions? If so would you please share your setup with me?


Maybe I am too close to the bleeding edge for there to be other users 
in the same test loop?



The startup script contains “nojail”. I think someone opened a bug 
report the other day but I can’t find it anymore; so the startup 
script won’t automatically run inside a jail. Can you remove that 
line and try again?



/bz
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
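An added example, not from this thread: it mimics the keyword filtering /etc/rc applies when it builds a jail's startup list with "rcorder -s nojail", so you can see which rc.d scripts a jail will silently skip and confirm that dropping the KEYWORD line makes the script eligible again. The rc.d headers below are constructed and abbreviated, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread). /etc/rc runs "rcorder -s nojail"
# when security.jail.jailed is 1, so any script whose "# KEYWORD:" line
# carries "nojail" never starts inside a jail, whatever rc.conf says.

# Print the keywords declared in one rc.d script (nothing if none).
rc_keywords() {
    awk '/^# KEYWORD:/ { for (i = 3; i <= NF; i++) print $i }' "$1"
}

# Exit 0 if the script would run inside a jail, 1 if "nojail" excludes it.
rc_runs_in_jail() {
    for kw in $(rc_keywords "$1"); do
        [ "$kw" = nojail ] && return 1
    done
    return 0
}

# List the scripts in a directory that a jail would skip, one per line.
rc_jail_skipped() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        rc_runs_in_jail "$f" || basename "$f"
    done
}

# Constructed sample rc.d directory: minimal headers in the shape of the
# real scripts (the real ones carry more REQUIRE/BEFORE lines).
RCDIR=$(mktemp -d)
printf '#!/bin/sh\n# PROVIDE: ipfilter\n# REQUIRE: FILESYSTEMS\n# KEYWORD: nojail\n' \
    > "$RCDIR/ipfilter"
printf '#!/bin/sh\n# PROVIDE: ipmon\n# REQUIRE: FILESYSTEMS ipfilter\n# KEYWORD: nojail\n' \
    > "$RCDIR/ipmon"
printf '#!/bin/sh\n# PROVIDE: sshd\n# REQUIRE: LOGIN\n# KEYWORD: shutdown\n' \
    > "$RCDIR/sshd"
# The same ipfilter script with the KEYWORD line removed, as the reply suggests.
grep -v '^# KEYWORD:' "$RCDIR/ipfilter" > "$RCDIR/ipfilter.fixed"

echo "Scripts a jail would skip:"
rc_jail_skipped "$RCDIR"
```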

testing 11.0-RC1 vnet jails with ipfilter

2016-08-15 Thread Ernie Luzar

Hello list;

Running 11.0-RC1 with only option vimage compiled into the generic kernel.

I can run ipfilter on the host and start vnet jails containing no 
firewalls just fine. But when I try to also have ipfilter run in the 
vnet jail nothing happens. I added this to the vnet jail's rc.conf:

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.boot.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"

Then start the vnet jail and it's like those ipfilter statements in the 
vnet jail's rc.conf are not there. The vnet jail's /var/log/messages file 
is not even there. Issuing "ipfstat" inside the running vnet jail to 
display the jail's ipfilter rules gives this error message: 
"open(IPSTATE_NAME): No such file or directory". 
To me this means ipfilter is not running in the vnet jail even though I 
requested it in the vnet jail's rc.conf file.


So my question to this list is, has anyone managed to get ipfilter to 
run inside a vnet jail using any of the 11.0 alpha, beta, or rc 
versions? If so would you please share your setup with me?


Maybe I am too close to the bleeding edge for there to be other users in 
the same test loop?


Thanks