Date:      Fri, 28 Mar 2014 23:43:17 -0700
From:      Matt Lager <matt@soliddataservices.com>
To:        freebsd-pf@freebsd.org
Subject:   Controlling traffic between jails on the same host
Message-ID:  <53366B85.3020002@soliddataservices.com>

The Setup: I've got a pretty simple setup... A FreeBSD 10.0 host with 3 
jails on it. The host and each jail are assigned a public IP address. 
The host runs PF, which controls inbound and outbound traffic for itself 
and its jails. All works really nicely. Here's a basic diagram:

PF does a really good job controlling traffic to and from remote systems. 
I have recently come across the need to limit traffic from jails on the 
host to other jails on the same host, i.e. HostA-JailA needs to not be 
able to communicate with HostA-JailB. What I am seeing, however, is that 
because all these jails share a single interface, the traffic must not 
be going through PF, as it is just seen as local traffic.

I briefly tried to bring up a jail on another interface (lo1 for 
example) and use NAT to provide it with its connectivity, but even then 
the local traffic was still not filterable.

There's got to be a way, but my brain hasn't thought of it yet. Any 
advice would be amazing, thanks so much ahead of time!

--Matt

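The ruleset below is an added example for the problem described in the message above; it is not from the original thread or from the FreeBSD project. It rests on one premise a reader can check for themselves with `netstat -rn`: a packet sent between two addresses configured on the same FreeBSD host is not transmitted on the shared interface at all, it is delivered over the loopback interface (local addresses show up as host routes on lo0). PF does see that traffic, but only if the ruleset does not carry a blanket `set skip on lo0`, which is what hides jail-to-jail packets from the filter. The interface name `em0`, the 198.51.100.0/24 addresses, the jail pair allowed to talk and the port 5432 are all assumptions chosen for illustration.

```conf
# Added example pf.conf, not the original poster's configuration.
# Assumptions: em0 is the shared public interface; 198.51.100.1 is the
# host; 198.51.100.10-12 are the three jails' public addresses.
ext_if  = "em0"
host_ip = "198.51.100.1"
jail_a  = "198.51.100.10"
jail_b  = "198.51.100.11"
jail_c  = "198.51.100.12"
table <jails> const { $jail_a, $jail_b, $jail_c }

# Deliberately NO "set skip on lo0": traffic between addresses on this
# host is delivered over lo0, and skipping it would bypass the rules below.

block log all

# Loopback: keep the host's own 127/8 traffic working unconditionally.
pass quick on lo0 inet from 127.0.0.0/8 to 127.0.0.0/8

# Whitelist the one jail-to-jail flow that is wanted (assumed: jail A is a
# client of a PostgreSQL service in jail C), then deny every other pair.
# "quick" stops evaluation at the first match, so order matters here.
pass  quick on lo0 proto tcp from $jail_a to $jail_c port 5432 keep state
block quick log on lo0 from <jails> to <jails>

# Jails may still reach the host itself (e.g. a local resolver), if wanted.
pass quick on lo0 from <jails> to $host_ip keep state

# Public side: host and jails originate connections; expose a few services.
pass out on $ext_if from { $host_ip, <jails> } keep state
pass in  on $ext_if proto tcp to <jails>  port { 80 443 } keep state
pass in  on $ext_if proto tcp to $host_ip port 22 keep state
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, load with `pfctl -f /etc/pf.conf`, and confirm the loopback rules are in place with `pfctl -sr`. To verify the block actually fires, run `tcpdump -nei pflog0` on the host while attempting a connection from one jail to another with `jexec`; the logged `block` entries should name `lo0` as the interface, which is the direct evidence that inter-jail traffic traverses loopback rather than the shared public interface. The same approach applies if the jails are moved to a cloned `lo1`: filter on that interface and keep it out of any `set skip` list.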