Subject: Re: RFC: Enabling VIMAGE in GENERIC
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Date: Wed, 19 Nov 2014 14:05:29 +0000
To: Craig Rodrigues <rodrigc@FreeBSD.org>
Cc: FreeBSD Net <freebsd-net@freebsd.org>,
 "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>,
 freebsd-arch <freebsd-arch@freebsd.org>


On 19 Nov 2014, at 03:28 , Craig Rodrigues <rodrigc@FreeBSD.org> wrote:

>
> (6)  Ask clusteradm to run one of the machines they use
>      for PF firewalls + IPv6 with a VIMAGE enabled kernel, and provide
>      feedback.

For people to use pf with VIMAGE we first MUST have the security fix
imported that I pointed out a couple of times in the past.

It won't matter on the firewalls with just a VIMAGE enabled kernel but
using VIMAGE + pf inside a jail (once that really works if it doesn't
already) will allow everyone who can administer pf inside the jail to
take over the entire machine otherwise.

-- 
Bjoern A. Zeeb             "Come on. Learn, goddamn it.", WarGames, 1983