Message-ID: <4CBC986C.30205@freebsd.org>
Date: Mon, 18 Oct 2010 11:56:44 -0700
From: Julian Elischer
To: Ermal Luçi, virtualization@freebsd.org
Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5
List-Id: "Discussion of various virtualization techniques FreeBSD supports."

On 10/18/10 11:10 AM, Ermal Luçi wrote:
> Hello,
>
> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
> pf(4) as of OpenBSD 4.5 version.
> The patch is against HEAD.
> After OpenBSD 4.5 the syntax has changed and this is the reason for
> such an 'old' version patch.
>
> After importing this one the work will go on the newest version and
> decisions on it will then be done.
>
> Be aware that this patch has even support for VIMAGE/VNET.
> It will enable you to run pf(4) with[in] jails+vnets or just vnets
> themselves with separate rulesets
> and policies.
> pfsync(4) can be loaded as a module also with this patch.

hooray! what to do with pfsync is the question..
we don't yet have devfs-per-jail but I think that's probably something
we should work on pretty soon.
I guess /dev/pfsync could only give you stuff from your own jail/vnet
but I don't use it so I'm not sure how it works.

> Feedback is very welcome.
>
> Regards,