On 5/6/11 11:01 PM, Jack Raats wrote:
> Normally you run the firewall on the host machine not in the jail.
well that's the whole point of the new virtual networking on jails.
each jail has its own networking stack and can have interfaces directly
attached that don't come through the host machine.
for this reason (and many others) it is possible for and often the required
behaviour, to run a separate firewall for each jail.
ipfw works well though dummynet doesn't yet..
and you need a special version of pf to do it which hasn't been
committed yet.
So the answer is: use ipfw within a 'vnet' jail.
- Original Message - From: Mickey Harvey mh.u...@gmail.com
To: freebsd-ipfw@freebsd.org
Sent: Friday, May 06, 2011 10:29 PM
Subject: run pf or ipfw within a jail?
Is it possible to run pf or ipfw within a jail? I am running 8.2 and have
vimage compiled in the kernel.
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to
freebsd-ipfw-unsubscr...@freebsd.org