Re: [PATCH] pf(4) patch from OpenBSD 4.5

2010-10-18 Thread Ermal Luçi
On Mon, Oct 18, 2010 at 7:56 PM, Julian Elischer wrote:
>  On 10/18/10 11:10 AM, Ermal Luçi wrote:
>>
>> Hello,
>>
>> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
>> pf(4) as of OpenBSD 4.5 version.
>> The patch is against HEAD.
>> After OpenBSD 4.5 the syntax has changed and this is the reason for
>> such an 'old' version patch.
>>
>> After importing this one the work will go on the newest version and
>> decisions on it will then be done.
>>
>> Be aware that this patch has even support for VIMAGE/VNET.
>> It will enable you to run pf(4) with[in] jails+vnets or just vnets
>> themselves with separate rulesets
>> and policies.
>> pfsync(4) can be loaded as a module also with this patch.
>
> hooray!
>
> what to do with pfsync is the question..  we don't yet have devfs-per-jail
>  but I think that's probably something we
> should work on pretty soon.
> I guess /dev/pfsync could only give you stuff from your own jail/vnet but I
> don't use it so I'm not sure how it works.

AFAIK pfsync(4) is not a devfs consumer.
It's just a wrapped up in-kernel packet generator glued to ifnet interface.
So you should be able to run a failover scenario on 2 jails through pfsync(4).

>
>> Feedback is very welcome.
>>
>> Regards,
>
>

-- 
Ermal
___
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to 
"freebsd-virtualization-unsubscr...@freebsd.org"


[PATCH] pf(4) patch from OpenBSD 4.5

2010-10-18 Thread Ermal Luçi
Hello,

the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
pf(4) as of OpenBSD 4.5 version.
The patch is against HEAD.
After OpenBSD 4.5 the syntax has changed and this is the reason for
such an 'old' version patch.

After importing this one the work will go on the newest version and
decisions on it will then be done.

Be aware that this patch has even support for VIMAGE/VNET.
It will enable you to run pf(4) with[in] jails+vnets or just vnets
themselves with separate rulesets
and policies.
pfsync(4) can be loaded as a module also with this patch.

Feedback on the VIMAGE enabled kernels is very welcome.

Regards,
--
Ermal


P.S. keep me CC'd since I am not on this list.


Re: [PATCH] pf(4) patch from OpenBSD 4.5

2010-10-18 Thread Julian Elischer

On 10/18/10 11:10 AM, Ermal Luçi wrote:
> Hello,
>
> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
> pf(4) as of OpenBSD 4.5 version.
> The patch is against HEAD.
> After OpenBSD 4.5 the syntax has changed and this is the reason for
> such an 'old' version patch.
>
> After importing this one the work will go on the newest version and
> decisions on it will then be done.
>
> Be aware that this patch has even support for VIMAGE/VNET.
> It will enable you to run pf(4) with[in] jails+vnets or just vnets
> themselves with separate rulesets
> and policies.
> pfsync(4) can be loaded as a module also with this patch.

hooray!

what to do with pfsync is the question..  we don't yet have
devfs-per-jail  but I think that's probably something we
should work on pretty soon.
I guess /dev/pfsync could only give you stuff from your own jail/vnet
but I don't use it so I'm not sure how it works.

> Feedback is very welcome.
>
> Regards,

