Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 9 Sep 2010 16:22:31 -0300
From:      "Luiz Gustavo S. Costa" <luizgustavo@luizgustavo.pro.br>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        FreeBSD virtualization mailing list <freebsd-virtualization@freebsd.org>
Subject:   Re: [patch] allow testing VIMAGE with pf in base system only
Message-ID:  <AANLkTikheuZs=qNw24Hr8vJ3A1Qo%2Bk-0eHW=cb2c17qi@mail.gmail.com>
In-Reply-To: <20100907164529.O31898@maildrop.int.zabbadoz.net>
References:  <20100907164529.O31898@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Bjoern,

I just perform tests with your patch and it worked very well! thanks
for the patch ...

But I found something that may be unsafe within the jail environment,
I'm allowed to change /dev/pf, so that if I run a "pfctl-f
/etc/pf.conf" inside the jail to do with that the rules are read
again, killing pf.conf on the main environment

FreeBSD gugabsd.xxxx.com.br 8.1-STABLE FreeBSD 8.1-STABLE #1: Thu Sep
9 14:31:43 BRT 2010
root@gugabsd.xxxx.com.br:/usr/obj/usr/src/sys/GENERIC  i386

Thanks

2010/9/7 Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>:
> Hey,
>
> in a way to work on something I needed to be able to at least load pf
> on my VIMAGE development machine. =A0So I quickly hacked together a
> patch that does exactly that. =A0I hope it'll apply to HEAD or stable/8
> but I didn't test on either.
>
> This will NOT allow you to use pf with jails+vnet but should allow
> using pf in the base system even if VIMAGE is enabled. =A0In case it
> still panics for you, let me know and include a backtrace in your
> report.
>
> http://people.freebsd.org/~bz/20100907-01-pf-vnet0.diff
>
> /bz
>
> --
> Bjoern A. Zeeb =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0Welcome a new stage of life.
> _______________________________________________
> freebsd-virtualization@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
> To unsubscribe, send any mail to
> "freebsd-virtualization-unsubscribe@freebsd.org"
>



--=20
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
mundoUnix - Consultoria em Software Livre
http://www.mundounix.com.br
ICQ: 2890831 / MSN: contato@mundounix.com.br
Tel: 55
Blog: http://www.luizgustavo.pro.br

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikheuZs=qNw24Hr8vJ3A1Qo%2Bk-0eHW=cb2c17qi>