From owner-freebsd-security  Tue Sep 18 10:47:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtprelay2.abs.adelphia.net (smtprelay.abs.adelphia.net [64.8.20.11])
	by hub.freebsd.org (Postfix) with ESMTP id 2B33D37B40E
	for <freebsd-security@freebsd.org>; Tue, 18 Sep 2001 10:47:22 -0700 (PDT)
Received: from GANDALF ([24.48.164.64]) by
          smtprelay2.abs.adelphia.net (Netscape Messaging Server 4.15)
          with SMTP id GJVDD700.X8N for <freebsd-security@freebsd.org>;
          Tue, 18 Sep 2001 13:46:19 -0400 
Message-ID: <003701c14069$bb1d2e00$7811a8c0@GANDALF>
From: "Andrew Penniman" <apenniman@adelphia.net>
To: <freebsd-security@freebsd.org>
Subject: ipfw in a jail-centric environment?
Date: Tue, 18 Sep 2001 13:45:38 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0034_01C14048.33667460"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_0034_01C14048.33667460
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I'm playing with jails for the first time and am not sure how to handle =
packet filtering in this scenario.

Should the host and jail environments each handle their own packet =
filtering or is all filtering handled by the host?  Is natd required?

I have tried to locate information on this subject but haven't found =
anything useful....

Thanks much,
Andrew Penniman

------=_NextPart_000_0034_01C14048.33667460
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I'm playing with jails for the first =
time and am=20
not sure how to handle packet filtering in this scenario.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Should the host and jail environments =
each handle=20
their own packet filtering or is all filtering handled by the =
host?&nbsp; Is=20
natd required?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I have tried to locate information on =
this subject=20
but haven't found anything useful....</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Thanks much,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Andrew =
Penniman</FONT></DIV></BODY></HTML>

------=_NextPart_000_0034_01C14048.33667460--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message