Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Oct 2018 22:15:55 +0300
From:      Michael Zhilin <mizhka@gmail.com>
To:        luzar722@gmail.com
Cc:        freebsd-current Current <freebsd-current@freebsd.org>
Subject:   Re: vnet & firewalls in 12.0
Message-ID:  <CAF19XBKvEH_XMaF%2BN93pmn6NisrH-%2BMMXgUXV4%2B1sNuCnFqusw@mail.gmail.com>
In-Reply-To: <5BC8D1FC.1010802@gmail.com>
References:  <5BC8D1FC.1010802@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Ernie,

On Thu, Oct 18, 2018 at 9:36 PM Ernie Luzar <luzar722@gmail.com> wrote:

> Wanting to get a head start on using 12.0 and vnet jails with in jail
> firewall.
>
> 1. Will Vimage be compiled as a module in the 12.0 kernel and be
> included in the base system release?
>

I suppose it's part of GENERIC kernel configuration


> 1.a. Has the boot time console log message about vimage being "highly
> experimental" been removed?
>

I don't see in dmesg such notification. 12-ALPHA3


> 2. Has the pf firewall been fixed so it can now run in a vnet jail or
> multiple vnet jails with out concern for which firewall is running on
> the host?
>
> 2.a. Is each vnet/pf log only viewable from it's vnet jail console?
>
> 2.b. Will pf/kernel module auto load on first call from a vnet jail?
>
> 2.c. Does vnet/pf NAT work?
>
> 3. Does the ipfw firewall still have the 11.x release mandatory
> requirements that the host must also be running ipfw for the vnet jailed
> ipfw to work?
>
> 3.a. Are all vnet/ipfw log messages still intermixed with the host's
> ipfw log messages?
>
> 3.b. Does vnet/ipfw NAT work?
>

I use NAT via netgraph+ipfw. it works fine (why not?). I'm patching "jng"
to add "nat" feature.


> 4. Has any work been done to ipf (ipfilter) so it will function when
> used in a vnet jail?
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF19XBKvEH_XMaF%2BN93pmn6NisrH-%2BMMXgUXV4%2B1sNuCnFqusw>