Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Dec 2014 18:39:04 -0800
From:      Craig Rodrigues <rodrigc@freebsd.org>
To:        suraj sandhu <surajsandhu.bsd@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: VIMAGE/VNETs support for PF
Message-ID:  <20141212023904.GA2184@dibbler.crodrigues.org>
In-Reply-To: <CAAFvPEE35e9XhLRv=QOkNR79=H=yEJrLtNi=_G8U3t8efHVt%2BQ@mail.gmail.com>
References:  <CAAFvPEE35e9XhLRv=QOkNR79=H=yEJrLtNi=_G8U3t8efHVt%2BQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 13, 2014 at 02:17:54PM -0500, suraj sandhu wrote:
> Hi all,
>=20
> I am working on a product which used ipfilter but since ipfilter is not
> supported by the FreeBSD community anymore and  doesn't support VNETs, I
> need to make a choice between IPFW and PF.
>=20
> I know IPFW is supported and works with VIMAGE, can someone here please l=
et
> me know if the PF also works with VIMAGE, specifically in FreeBSD 9?

Can you describe what kind of product you are working on,
and your requirements?

Are you interested in:
     (1)  Using a system with VIMAGE compiled into the kernel,
          using the packet filter (IPFW, ipfilter, or PF)
          *not* inside a VNET jail.

     (2)  Using a system with VIMAGE compiled into the kernel,
          *and* using the packet filter (IPFW, ipfilter, or PF) inside a VN=
ET jail.

My experience on what works in FreeBSD 9 is based on working with FreeNAS
(which is derived from FreeBSD 9):

ipfw:  Seems to work with (1) or (2) with least problems, but needs more in=
vestigation
pf:    Seems to work with (1), but (2) has problems some of which are fixed=
 in FreeBSD 10
ipfilter:  crashes on bootup

I committed one fix for ipfilter which is not in FreeBSD 9: https://lists.f=
reebsd.org/pipermail/svn-src-all/2014-November/095036.html

which addresses (1) but not (2).

--=20
Craig

--pf9I7BMVVzbSWLtt
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlSKVUIACgkQ0gqKKjmYR53u6wCfbdYKMDo4JSIBROIb+RBB3Ct3
NUIAni2cKxc3ixMRFRgU0wA9owduurwy
=cnQ5
-----END PGP SIGNATURE-----

--pf9I7BMVVzbSWLtt--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141212023904.GA2184>