Date: Sun, 28 Apr 2013 11:54:50 -0400
From: Joe <fbsd8@a1poweruser.com>
To: zulu <zulu@openvps.biz>
Cc: Laurent Alebarde <l.alebarde@free.fr>, "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
Subject: Re: state of the art ?
Message-ID: <517D464A.7050101@a1poweruser.com>
In-Reply-To: <1366868448.5178c1e04043f@gpo.cellcontainer.com>
References: <5177B1A4.6060502@free.fr> <1366868448.5178c1e04043f@gpo.cellcontainer.com>

zulu wrote:
>
> Maybe this is what you need http://sourceforge.net/projects/zjails/ ,
> doesn't require any advanced ZFS or VNET knowledge (just a working ZFS
> pool and VIMAGE kernel).
>
> VNET is supported and there is a "soft" jail restart option which
> prevents the "kern/164763: Memory leak in VNET" issue from appearing.
>
> You can also run non VNET ZFS jails - you can turn on or off VNET by
> simply executing "zjail set vnet=off/on myjailname" then restarting
> the jail with "zjail restart -c myjailname".
>
> On FreeBSD 9.1 amd64, pf inside a jail will cause an immediate kernel
> panic once you run pfctl in the jail - IPFW works as already stated by
> others.
>
> You can have pf enabled on the host however and have IPFW firewall in
> jails.
>
> Cheers,
>
> Peter
>

What exactly do you mean by ipfw will run in a vimage jail?
Running an "open" ipfw rule set only proves the ipfw program will run in
a vimage jail. How about the "simple" or "client" types that need the
outbound interface device name and use divert / nat?