Date: Fri, 18 Jul 2025 13:24:47 +0000
From: "Patrick M. Hausen" <hausen@punkt.de>
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: net.inet.ip.fw.verbose in jails
Message-ID: <C963E6A0-CF3B-4052-A954-46CC28134FA9@punkt.de>

Hi all,

one customer started to make more use of IPFW inside their vnet jails in our hosting environment.

When they

- create a firewall rule with "log" set, like:
    ipfw add 65532 allow log ip from me to any out
- set:
    sysctl net.inet.ip.fw.verbose=1

all *inside* a jail, the firewall rules work as expected, yet the log entries end up in /var/log/security on the host. All the time net.inet.ip.fw.verbose on the host is set to 0.

Is this intentional? Or fundamental, because there is only a shared host kernel with jails? Or is it a bug?

I checked multiple times, the sysctl variables can be set for each jail and the host independently just like each can have its own set of firewall rules.

Kind regards,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Sophienstr. 187
76185 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Managing Directors: Daniel Lienert, Fabian Stein
