On Mon, Oct 18, 2010 at 7:56 PM, Julian Elischer <[email protected]> wrote:
> On 10/18/10 11:10 AM, Ermal Luçi wrote:
>>
>> Hello,
>>
>> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
>> pf(4) as of OpenBSD 4.5 version.
>> The patch is against HEAD.
>> After OpenBSD 4.5 the syntax has changed and this is the reason for
>> such an 'old' version patch.
>>
>> After importing this one the work will go on the newest version and
>> decisions on it will then be done.
>>
>> Be aware that this patch has even support for VIMAGE/VNET.
>> It will enable you to run pf(4) with[in] jails+vnets or just vnets
>> themselves with separate rulesets
>> and policies.
>> pfsync(4) can be loaded as a module also with this patch.
>
> hooray!
>
> what to do with pfsync is the question.. we don't yet have devfs-per-jail
> but I think that's probably something we
> should work on pretty soon.
> I guess /dev/pfsync could only give you stuff from your own jail/vnet but I
> don't use it so I'm not sure how it works.

AFAIK pfsync(4) is not a devfs consumer.
It's just a wrapped up in-kernel packet generator glued to ifnet interface.
So you should be able to run a failover scenario on 2 jails through pfsync(4).

>
>> Feedback is very welcome.
>>
>> Regards,
>
>

--
Ermal
