Date: Mon, 15 Aug 2016 11:37:32 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: Freebsd Questions <FreeBSD-questions@freebsd.org>, "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
Subject: testing 11.0-RC1 vnet jails with ipfilter
Message-ID: <57B1E1BC.4090205@gmail.com>

Hello list;

Running 11.0-RC1 with only option vimage compiled into the generic kernel. I can run ipfilter on the host and start vnet jails containing no firewalls just fine. But when I try to also have ipfilter run in the vnet jail, nothing happens.

I added this to the vnet jail's rc.conf:

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.boot.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"

Then I start the vnet jail and it's like those ipfilter statements in the vnet jail's rc.conf are not there. The vnet jail's /var/log/messages file is not even there.

Issuing "ipfstat" inside the running vnet jail to display the jail's ipfilter rules gives this error message:

"open(IPSTATE_NAME): No such file or directory"

To me this means ipfilter is not running in the vnet jail even though I requested it in the vnet jail's rc.conf file.

So my question to this list is, has anyone managed to get ipfilter to run inside a vnet jail using any of the 11.0 alpha, beta, or rc versions? If so, would you please share your setup with me?

Maybe I am too close to the bleeding edge for there to be other users in the same test loop?

Thanks