From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 21 11:18:44 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 178480] [ipfw] dynamically loaded ipfw with a vimage kernel don't work.
Date: Tue, 21 Apr 2015 11:18:45 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.1-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: k@free.de
X-Bugzilla-Status: In Progress
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: cc
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
List-Id: IPFW Technical Discussions

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178480

Kai Gallasch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |k@free.de

--- Comment #2 from Kai Gallasch ---
Just for the sake of cleaning up, I propose this 2y old PR to be closed
and that the holder/reporter reopens a new PR, _if_ the problem still
persists on FBSD 9.3.

Also this PR is mainly a duplicate of open PR 178482 ("logging problem
from vnet jail") if I understand the problem description of PR 178480
correctly.

I can report that as for FBSD 10.1 there are no filtering problems when
using a dynamically loaded ipfw for firewalling on the jail host and
inside VIMAGE jails. Only ipfw logging inside VIMAGE jails does not work.

Regards,
K.

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 21 13:14:43 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 178480] [ipfw] dynamically loaded ipfw with a vimage kernel don't work.
Date: Tue, 21 Apr 2015 13:14:43 +0000
X-Bugzilla-Who: smithi@nimnet.asn.au
X-Bugzilla-Status: In Progress
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178480

smithi@nimnet.asn.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |smithi@nimnet.asn.au

--- Comment #3 from smithi@nimnet.asn.au ---
> I can report that as for FBSD 10.1 there are no filtering problems when
> using a dynamically loaded ipfw for firewalling on the jail host and
> inside VIMAGE jails. Only ipfw logging inside VIMAGE jails does not work.

"Only logging inside VIMAGE jails does not work." is the main issue of
this PR and of 178482 (in which I foolishly attempted to participate :)
so while this is mostly duplication, is the issue itself still unresolved?

Is it to be expected that ipfw in a VNET jail can't log to
/var/log/security specifically? Or can it, with particular jail
configuration? Is this a VNET jail issue generally, or an ipfw issue
specifically?

Sorry, but I'm not in a position to test my own curiosity lately, but it
seems a strange limitation on ipfw functionality in the jail unless
explained by valid but non-obvious security concerns?

cheers, Ian