Date: Mon, 14 Feb 2022 19:05:25 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 260973] pf: firewall rules stop matching when vnet jails share interface names with the host
Message-ID: <bug-260973-227-ZiFekT5rP4@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260973-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-260973-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260973

--- Comment #4 from Thomas Steen Rasmussen / Tykling <thomas@gibfest.dk> ---
(In reply to Kristof Provost from comment #3)

Thank you for the input.

The issue I was hitting is the first one you mention - also described in
#185619 - and I've been able to work around it in my own setup by inventing
some interface names inside the jails which are never used on the host (in my
case the jail interfaces are called jail0, jail1 etc).

Also, this is not strictly needed, but one could add an exec.stop entry before
rc.shutdown to rename the interfaces back to their original epairNb name which
shouldn't be in use in the parent vnet.

Both of these are workarounds of course, and don't begin to consider nested
jails with overlapping interface names.

Kristof, do you know the code well enough to say if it would be possible to
deny the initial interface rename action if a parent vnet is using the same
name?