Date: Mon, 15 Aug 2016 16:59:24 +0000
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: "Ernie Luzar" <luzar722@gmail.com>
Cc: "Freebsd Questions" <FreeBSD-questions@freebsd.org>, "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
Subject: Re: testing 11.0-RC1 vnet jails with ipfilter
Message-ID: <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net>
In-Reply-To: <57B1E1BC.4090205@gmail.com>
References: <57B1E1BC.4090205@gmail.com>
On 15 Aug 2016, at 15:37, Ernie Luzar wrote:

> Hello list;
>
> Running 11.0-RC1 with only option vimage compiled into the generic
> kernel.
>
> I can run ipfilter on the host and start vnet jails containing no
> firewalls just fine. But when I try to also have ipfilter run in the
> vnet jail nothing happens. I added this to the vnet jail's rc.conf
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.boot.rules"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
>
> Then start the vnet jail and it's like those ipfilter statements in the
> vnet jail's rc.conf are not there. The vnet jail's /var/log/messages
> file is not even there. Issuing "ipfstat" inside the running vnet jail
> to display the jail's ipfilter rules gives this error message
> "open(IPSTATE_NAME): No such file or directory"
> To me this means ipfilter is not running in the vnet jail even though
> I requested it in the vnet jail's rc.conf file.
>
> So my question to this list is, has anyone managed to get ipfilter to
> run inside a vnet jail using any of the 11.0 alpha, beta, or rc
> versions? If so would you please share your setup with me?
>
> Maybe I am too close to the bleeding edge for there to be other users
> in the same test loop?

The startup script contains “nojail”. I think someone opened a bug report the other day but I can’t find it anymore; so the startup script won’t automatically run inside a jail. Can you remove that line and try again?

/bz
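
The reply above points at the "nojail" keyword in the startup script. As an added example (not part of the original message and not FreeBSD's own code), this sh script lists which scripts in an rc.d-style directory carry that keyword on their "# KEYWORD:" line. The sample files and the names svc_a, svc_b and svc_c are constructed for illustration.

```shell
#!/bin/sh
# Added example: find startup scripts marked "nojail".
# Assumption: keywords are declared on a "# KEYWORD:" comment line,
# separated by whitespace.

# has_keyword FILE KEYWORD -> exit status 0 if FILE declares KEYWORD
has_keyword() {
    awk -v kw="$2" '
        /^#[ \t]*KEYWORD:/ {
            sub(/^#[ \t]*KEYWORD:/, "")
            n = split($0, words, /[ \t]+/)
            # Compare whole words so "nojailx" never matches "nojail".
            for (i = 1; i <= n; i++) if (words[i] == kw) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# skipped_in_jail DIR -> print the name of every script in DIR marked nojail
skipped_in_jail() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if has_keyword "$f" nojail; then
            basename "$f"
        fi
    done
}

# make_sample DIR -> write constructed sample scripts (not real rc.d files)
make_sample() {
    printf '#!/bin/sh\n# PROVIDE: ipfilter\n# KEYWORD: nojail\n' > "$1/ipfilter"
    printf '#!/bin/sh\n# PROVIDE: svc_a\n# KEYWORD: shutdown nojail\n' > "$1/svc_a"
    printf '#!/bin/sh\n# PROVIDE: svc_b\n# KEYWORD: shutdown\n' > "$1/svc_b"
    # Mentions the word only in an ordinary comment: must not be reported.
    printf '#!/bin/sh\n# PROVIDE: svc_c\n# note: not nojail\n' > "$1/svc_c"
}

# Stand-alone use: pass the directory to inspect as the first argument.
if [ -n "${1:-}" ]; then
    skipped_in_jail "$1"
fi
```

On a FreeBSD host, pass /etc/rc.d as the argument.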