Date:      Thu, 18 Oct 2018 14:33:32 -0400
From:      Ernie Luzar <luzar722@gmail.com>
To:        FreeBSD current <freebsd-current@freebsd.org>
Subject:   vnet & firewalls in 12.0
Message-ID:  <5BC8D1FC.1010802@gmail.com>

Wanting to get a head start on using 12.0 and vnet jails with an in-jail
firewall.

1. Will Vimage be compiled as a module in the 12.0 kernel and be 
included in the base system release?

1.a. Has the boot time console log message about vimage being "highly 
experimental" been removed?

2. Has the pf firewall been fixed so it can now run in a vnet jail or
multiple vnet jails without concern for which firewall is running on
the host?

2.a. Is each vnet/pf log only viewable from its vnet jail console?

2.b. Will pf/kernel module auto load on first call from a vnet jail?

2.c. Does vnet/pf NAT work?

3. Does the ipfw firewall still have the 11.x release mandatory 
requirements that the host must also be running ipfw for the vnet jailed 
ipfw to work?

3.a. Are all vnet/ipfw log messages still intermixed with the host's 
ipfw log messages?

3.b. Does vnet/ipfw NAT work?

4. Has any work been done to ipf (ipfilter) so it will function when 
used in a vnet jail?


