From owner-freebsd-jail@FreeBSD.ORG Thu Apr 25 05:49:04 2013 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id BF93C981 for ; Thu, 25 Apr 2013 05:49:04 +0000 (UTC) (envelope-from zulu@openvps.biz) Received: from mgw.cellcontainer.com (mgw.cellcontainer.com [87.229.77.135]) by mx1.freebsd.org (Postfix) with ESMTP id 329731060 for ; Thu, 25 Apr 2013 05:49:03 +0000 (UTC) Received: from mgw.cellcontainer.com (unknown [192.168.1.10]) by mgw.cellcontainer.com (Postfix) with ESMTP id D535FAE11 for ; Thu, 25 Apr 2013 05:40:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=openvps.biz; h=message-id :date:subject:from:to:mime-version:content-type:in-reply-to :references; s=selector1; bh=RXNCZ2FYxshRJNq7u66+Au3D9dM=; b=OW3 KCEe0qROPmcRU4m+X4EwCBBC+k7WYEHa98tkl4eACmbOyve/czXmK9+TwHhLytql VkDIBwxLa08+QpQ+rqIPomVbuAtCKWSuMgS3eVec1xifhrbeH6gK0sYY1D/g3HkW JnvDoehVtdSQqduPBX7/OlHon8X1DTS3S8Q+P1KM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=openvps.biz; h=message-id :date:subject:from:to:mime-version:content-type:in-reply-to :references; q=dns; s=selector1; b=sODA8+l/+JYaUb3GQaKLbm9bUYGAH KM/Eb4uqm/Yg3SSjK9CkufrVzpcEReJpJLWlNQFjNX6pqmjG8C/s3Buzv86EuumK BVy5m+UkerjVoRF2Ay8WVgI8vhybTamiBNYvxzG/mndLUAefLJfrn21DppXCOJUK 6RltvUMc7ujhDk= Received: from gpo.cellcontainer.com (unknown [192.168.1.15]) by mgw.cellcontainer.com (Postfix) with ESMTP id C0317AE10 for ; Thu, 25 Apr 2013 05:40:50 +0000 (UTC) Received: by gpo.cellcontainer.com (Postfix, from userid 58) id A6BFB798E0; Thu, 25 Apr 2013 05:40:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on gpo.cellcontainer.com X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, HTML_MESSAGE autolearn=unavailable version=3.3.2 Received: from gpo.cellcontainer.com (gpo.cellcontainer.com [192.168.1.15]) by gpo.cellcontainer.com (Postfix) with ESMTP id 4DE1C798C0; Thu, 25 Apr 2013 05:40:48 +0000 (UTC) Message-ID: <1366868448.5178c1e04043f@gpo.cellcontainer.com> Date: Thu, 25 Apr 2013 17:40:48 +1200 Subject: Re: state of the art ? From: zulu To: Laurent Alebarde , "freebsd-jail@freebsd.org" MIME-Version: 1.0 X-MimeOLE: Produced by Group-Office 3.7.41 In-Reply-To: <5177B1A4.6060502@free.fr> X-Priority: 3 (Normal) References: <5177B1A4.6060502@free.fr> X-Mailer: Group-Office 3.7.41 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Apr 2013 05:49:04 -0000 Maybe this is what you need http://sourceforge.net/projects/zj= ails/ , doesn't require any advanced ZFS or VNET knowledge (just a wo= rking ZFS pool and VIMAGE kernel). VNET is supported and= there is a "soft" jail restart option which prevents the "kern/1647= 63: Memory leak in VNET" issue from appearing. You can also run = non VNET ZFS jails - you can turn on or off VNET by simply executing = "zjail set vnet=3Doff/on myjailname" then restarting the jail with "zj= ail restart -c myjailname". On FreeBSD 9.1 amd64, pf inside a= jail will cause an immediate kernel panic once you run pfctl in the= jail - IPFW works as already stated by others. You can h= ave pf enabled on the host however and have IPFW firewall in jai= ls. Cheers, Peter On Wednesday, 24-04-20= 13 on 22:19 Laurent Alebarde wrote: Hi all, =C2=A0= I am a FreeBSD/Jail/vnet newbbie. I read a lot of posts and tutorials= , mainly : =C2=A0=C2=A0* http://wiki.polymorf.fr/index.php= /Howto:FreeBSD_jail_vnet =C2=A0=C2=A0* http://archive.0xfeedfa= ce.org/blog/2011-11-21/lattera/freebsd-vnet-jail-admin-project I= have some questions please : 1. Are they still up-to-date = ? 2. Is the jail rc script still have to be patched to be able to us= e pf =C2=A0=C2=A0=C2=A0=C2=A0instead of IPFW ? 3. What are the b= est up-to-date links for tutorials to setup ZFS =C2=A0= =C2=A0=C2=A0=C2=A0ipv4/ipv6 vnet jails ? 4. Can it be put in produc= tion safely or is it still considered =C2=A0=C2=A0=C2=A0=C2=A0experi= mental ? Cheers, Laurent. _____________= __________________________________ freebsd-jail@freebsd.org mailing = list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To un= subscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org= "