zulu wrote:
Maybe this is what you need http://sourceforge.net/projects/zjails/ ,
doesn't require any advanced ZFS or VNET knowledge (just a working ZFS
pool and VIMAGE kernel).
VNET is supported and there is a "soft" jail restart option which
prevents the "kern/164763: Memory leak in VNET" issue from appearing.
You can also run non VNET ZFS jails - you can turn on or off VNET by
simply executing "zjail set vnet=off/on myjailname" then restarting
the jail with "zjail restart -c myjailname".
On FreeBSD 9.1 amd64, pf inside a jail will cause an immediate kernel
panic once you run pfctl in the jail - IPFW works as already stated by
others.
You can have pf enabled on the host however and have IPFW firewall in
jails.
Cheers,
Peter

What exactly do you mean by ipfw will run in a vimage jail?
Running an "open" ipfw rule set only proves the ipfw program will run
in a vimage jail. How about the "simple" or "client" types that need the
outbound interface device name and use divert / nat?
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail