Message-ID: <5BC8D1FC.1010802@gmail.com>
Date: Thu, 18 Oct 2018 14:33:32 -0400
From: Ernie Luzar
To: FreeBSD current
Subject: vnet & firewalls in 12.0

Wanting to get a head start on using 12.0 and vnet jails with in-jail firewall.

1. Will Vimage be compiled as a module in the 12.0 kernel and be included in the base system release?
   1.a. Has the boot-time console log message about vimage being "highly experimental" been removed?

2. Has the pf firewall been fixed so it can now run in a vnet jail or multiple vnet jails without concern for which firewall is running on the host?
   2.a. Is each vnet/pf log only viewable from its vnet jail console?
   2.b. Will pf/kernel module auto load on first call from a vnet jail?
   2.c. Does vnet/pf NAT work?

3. Does the ipfw firewall still have the 11.x release mandatory requirements that the host must also be running ipfw for the vnet jailed ipfw to work?
   3.a. Are all vnet/ipfw log messages still intermixed with the host's ipfw log messages?
   3.b. Does vnet/ipfw NAT work?

4. Has any work been done to ipf (ipfilter) so it will function when used in a vnet jail?