Static Jail ID's (JID's) for use with IPFW?

2013-08-07 Thread Karl Pielorz


Hi,

I have a number of jailed systems running - and I've been setting up ipfw 
rules for them.


This is on FBSD 9.1.

'ipfw' lets you match on traffic to/from a Jail ID (JID) - however every 
time jails get started / stopped their JID changes [thus breaking the 
firewall rules].


I can't see anywhere to 'statically' configure a JID to a Jail (i.e. in 
/etc/rc.conf).


Is this possible? / How?

Thanks,

-Karl 
___

freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Static Jail ID's (JID's) for use with IPFW?

2013-08-07 Thread Arthur Chance

On 07/08/2013 09:28, Karl Pielorz wrote:

> I have a number of jailed systems running - and I've been setting up
> ipfw rules for them.
>
> This is on FBSD 9.1.
>
> 'ipfw' lets you match on traffic to/from a Jail ID (JID) - however every
> time jails get started / stopped their JID changes [thus breaking the
> firewall rules].
>
> I can't see anywhere to 'statically' configure a JID to a Jail (i.e. in
> /etc/rc.conf).



I don't think the old /etc/rc.conf way of handling jails lets you do it, 
but the latest version of jail(8) introduced /etc/jail.conf and you 
should be able to add jid = N; parameters in there.


I've no idea what will happen if your choice conflicts with an 
automatically generated jid, so you'll either have to make sure all 
jails have fixed jids, or choose a suitably high range for fixed ones 
and hope you never generate too many unfixed jids.


--
In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
new race of servants. Called Uruk-Oh-Hai in the Black Speech, they
were cruel and delighted in torturing spelling and grammar.

_Lord of the Rings 2.0, the Web Edition_


Re: Static Jail ID's (JID's) for use with IPFW?

2013-08-07 Thread Fbsd8

Karl Pielorz wrote:


> Hi,
>
> I have a number of jailed systems running - and I've been setting up
> ipfw rules for them.
>
> This is on FBSD 9.1.
>
> 'ipfw' lets you match on traffic to/from a Jail ID (JID) - however every
> time jails get started / stopped their JID changes [thus breaking the
> firewall rules].
>
> I can't see anywhere to 'statically' configure a JID to a Jail (i.e. in
> /etc/rc.conf).
>
> Is this possible? / How?
>
> Thanks,
>
> -Karl



Use the jail's IP address in the host's IPFW rules.





Re: Static Jail ID's (JID's) for use with IPFW?

2013-08-07 Thread Karl Pielorz



--On 07 August 2013 12:23 +0100 Arthur Chance free...@qeng-ho.org wrote:


> I don't think the old /etc/rc.conf way of handling jails lets you do it,
> but the latest version of jail(8) introduced /etc/jail.conf and you
> should be able to add jid = N; parameters in there.


Thanks - I'll check that out...


> I've no idea what will happen if your choice conflicts with an
> automatically generated jid, so you'll either have to make sure all jails
> have fixed jids, or choose a suitably high range for fixed ones and hope
> you never generate too many unfixed jids.


I'll be making them all static - just to avoid that problem ;)

Cheers,

-Karl
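
An added example, not part of the thread: a small audit for the approach discussed above (a `jid = N;` parameter in /etc/jail.conf, every jail made static, ipfw rules matching on `jail N`). It reports jails without a fixed JID, JIDs assigned twice, and rules that reference a JID no jail defines. The jail names, addresses and rule numbers are constructed, and the parser assumes simple `name { ... }` blocks with `#` comments only.

```python
import re
from collections import Counter

# Constructed sample /etc/jail.conf: "www" and "db" pin a JID, "mail" does not.
JAIL_CONF = """
www  { jid = 101; path = "/jails/www";  ip4.addr = 192.0.2.10; }
db   { jid = 102; path = "/jails/db";   ip4.addr = 192.0.2.11; }
mail { path = "/jails/mail"; ip4.addr = 192.0.2.12; }  # JID auto-assigned
"""

# Constructed ipfw rules using the "jail <prisonID>" match option.
IPFW_RULES = """
add 1000 allow tcp from any to any 80 jail 101
add 1010 allow tcp from any to any 5432 jail 102
add 1020 allow tcp from any to any 25 jail 7
"""

def parse_jids(conf):
    """Return {jail_name: jid or None} for each 'name { ... }' block."""
    conf = re.sub(r"#.*", "", conf)  # drop '#' comments
    jids = {}
    for name, body in re.findall(r"([\w.-]+)\s*\{(.*?)\}", conf, re.S):
        m = re.search(r'\bjid\s*=\s*"?(\d+)"?\s*;', body)
        jids[name] = int(m.group(1)) if m else None
    return jids

def audit(conf, rules):
    """List problems that would make 'jail N' firewall rules unreliable."""
    jids = parse_jids(conf)
    # A jail without a fixed jid gets a new one on each start.
    problems = [f"jail {n}: no static jid" for n, j in jids.items() if j is None]
    counts = Counter(j for j in jids.values() if j is not None)
    # Two jails pinned to the same jid cannot both be running.
    problems += [f"jid {j} assigned to {c} jails"
                 for j, c in counts.items() if c > 1]
    # A rule naming a jid that no jail pins matches whatever jail gets it.
    for line in rules.splitlines():
        for ref in re.findall(r"\bjail\s+(\d+)\b", line):
            if int(ref) not in counts:
                problems.append(
                    f"rule '{line.strip()}' references undefined jid {ref}")
    return problems

if __name__ == "__main__":
    for problem in audit(JAIL_CONF, IPFW_RULES):
        print(problem)
```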