Date: Thu, 31 Oct 2024 22:04:59 +0100 From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> To: Palle Girgensohn <girgen@FreeBSD.org>, "freebsd-net@freebsd.org" <freebsd-net@FreeBSD.org> Subject: Re: pf for netgraph jails? Message-ID: <6c4faa91-8e49-416a-9dfb-158aab1148f9@plan-b.pwste.edu.pl> In-Reply-To: <7D5BD9CC-8A08-4C74-B2E6-E0437235F3B1@FreeBSD.org> References: <7D5BD9CC-8A08-4C74-B2E6-E0437235F3B1@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
W dniu 16.10.2024 o 16:19, Palle Girgensohn pisze: > Hi! > > Using FreeBSD-14.1, I have a rather simple setup with jails using > netgraph (using the `/usr/share/examples/jails/jng` script and "model"). > (...) > I assume I'm doing some simple mistake here, but find very little > information wrt the combo of netgraph, pf and jails. Any tips? I tried > configuring pf to work on the bridge interface but no difference. > What am I missing here? Hello Pale, I am afraid that you won't be able to easily pair PF(4) with Netgraph(3), but there are are probably at least two solutions you can deploy: ng_ipfw(4) and ng_bpf(4). Please also take a look at simple but very promising and innovative rc.d script proposed by Ivan Rozhuk[1]. 1. https://reviews.freebsd.org/D30175 -- Marek Zarychta
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6c4faa91-8e49-416a-9dfb-158aab1148f9>