Date: Thu, 8 Jan 2009 11:03:39 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: freebsd-jail@freebsd.org
Cc: Ruslan Ermilov <ru@freebsd.org>
Subject: jail startup script for multi-IPs + ifconfig *sigh* stuff
Message-ID: <20090108104801.H45399@maildrop.int.zabbadoz.net>

Hi,

I have a barely tested patch to rc.d/jail for HEAD (or the multi-IP jail patch on 7) with the defaults/rc.conf and a for sure enhanceable rc.conf.5 patch here:

http://people.freebsd.org/~bz/20090108-02-rc-jail.diff

For everyone who wants to grab the entire rc.d/jail file, fetch it from

http://people.freebsd.org/~bz/jail

This entire patch is only needed for those people who like to get their IPs configured/deconfigured upon jail start/stop and you see what a mess of extra code this gives -- I am sure someone could improve the sh(1) code but ... I do NOT like this and neither do other people who will need to approve this to go in.

I have been trying to support (most, all but the _netmask) from the old version so you can still only give a single IP, or an IP list (of mixed address families) but you can now also leave the IP part entirely empty and start a no-IP jail or add a _multi<n> with n starting at 0 (like with _alias<n>) and give the IPs on an extra line each.

If you want to give an interface you can still use the jail_interface or jail_<jname>_interface but you can also give an interface per address now in that you prefix the address with "ifName|" (yes a pipe and no blanks!).

If you want to give a netmask you can suffix an address with one of those:

- "/<n>" -- prefix notation, no spaces allowed
- " netmask a.b.c.d" -- netmask with a space between the address and the word "netmask" and a full dot-quad mask. You are not allowed to be clever and write "netmask a.b.c"
- " prefixlen n" -- similar to netmask but for v6

Obviously netmask will not work for a v6 address and prefixlen not for v4 as what you give is directly passed to ifconfig.

If you give "interface" but no "netmask" '/32' is assumed for v4 and '/128' for v6.

Anything I missed?

What I want to know from you:

1) does your current rc.conf setup work if you just replace /etc/rc.d/jail? (keep a backup of the old - outside of that directory!)
2) does this work for all the features *sigh* you need?
3) does it work with whatever management tool you use for jails?
4) any other comments?

In case there are bugs or problems, let me know - I'll update and repost links.

/bz

PS: special thanks to Ruben van Staveren who had maintained a (slightly) different version supporting v4/v6 ifconfig all the time!

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.
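
Added example (not part of the original message and not the rc.d/jail code from the patch): a POSIX sh sketch that parses one address entry in the syntax described in the message and applies the /32 and /128 defaults. The function names, the "ifname family address" output layout with "-" for "no interface", and the up-front rejection of a netmask on v6 or a prefixlen on v4 are assumptions of this example.

```sh
# Added example; names and output layout are assumptions, not rc.d/jail code.
is_dotquad() {  # exactly four dot-separated decimal fields (range not checked)
    case $1 in
    *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
    esac
}

is_number() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# parse_jail_addr ENTRY [DEFAULT_IF]
# Prints "<ifname|-> <inet|inet6> <address and mask as given to ifconfig>".
parse_jail_addr() {
    _entry=$1 _if=${2:-} _mask= _want=
    case $_entry in
    *\|*)   # per-address interface: "ifName|addr", a pipe and no blanks
        _if=${_entry%%|*}
        _entry=${_entry#*|}
        case $_if in ''|*' '*) return 1 ;; esac
        ;;
    esac
    case $_entry in
    *' netmask '*)      # v4 only, full dot-quad required
        _addr=${_entry%% netmask *}; _m=${_entry#* netmask }
        is_dotquad "$_m" || return 1
        _mask=" netmask $_m"; _want=inet ;;
    *' prefixlen '*)    # v6 only
        _addr=${_entry%% prefixlen *}; _m=${_entry#* prefixlen }
        is_number "$_m" || return 1
        _mask=" prefixlen $_m"; _want=inet6 ;;
    */*)                # prefix notation, no spaces allowed
        _addr=${_entry%%/*}; _m=${_entry#*/}
        is_number "$_m" || return 1
        _mask="/$_m" ;;
    *)  _addr=$_entry ;;
    esac
    case $_addr in      # a colon marks the address as v6 (assumption)
    ''|*' '*) return 1 ;;
    *:*) _fam=inet6; _host=/128 ;;
    *)   _fam=inet;  _host=/32 ;;
    esac
    [ -z "$_want" ] || [ "$_want" = "$_fam" ] || return 1
    # interface given but no mask: /32 for v4, /128 for v6
    [ -n "$_mask" ] || [ -z "$_if" ] || _mask=$_host
    printf '%s %s %s%s\n' "${_if:--}" "$_fam" "$_addr" "$_mask"
}
```

Entries that break the rules from the message, such as "netmask a.b.c" or a blank before the pipe, make the function return non-zero without printing anything.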
