From: "Teske, Devin"
To: "Robison, Dave"
Subject: Re: How to start a firewall in a vimage jail
Date: Wed, 24 Apr 2013 17:54:47 +0000
Message-ID: <13CA24D6AB415D428143D44749F57D7201F1DE32@ltcfiswmsgmb21>
In-Reply-To: <5178175E.5020604@fisglobal.com>
List-Id: "Discussion about FreeBSD jail(8)"

On Apr 24, 2013, at 10:33 AM, Robison, Dave wrote:

> On 04/24/2013 10:13, Joe wrote:
>> Hello
>>
>> I am having a very difficult time getting pf firewall to start in a vimage jail on 9.1-RELEASE.
>>
>> Is this at all possible?
>>
>> If this can be done, would you please share the details on how it's done?
>>
>> Thanks
>
> Vimage doesn't yet support PF. IPFW works, however.

Although one can successfully compile a kernel that has both the VIMAGE option and "device pf" enabled, I've never tried pf inside a vimage.

Maybe someone with some good pf experience can give it a go.

I know ipfw works all the way.

And as we (Joe and I) explored already, a kernel with IPFILTER option (for ipf) will not work with VIMAGE (kernel panic at boot).

-- 
Devin