From: Joe
Date: Wed, 24 Apr 2013 15:54:20 -0400
To: "Teske, Devin"
Cc: " Jail", "Robison, Dave"
Subject: Re: How to start a firewall in a vimage jail

Teske, Devin wrote:
> On Apr 24, 2013, at 10:33 AM, Robison, Dave wrote:
>
>> On 04/24/2013 10:13, Joe wrote:
>>> Hello
>>>
>>> I am having a very difficult time getting pf firewall to start in a vimage jail on 9.1-RELEASE.
>>>
>>> Is this at all possible?
>>>
>>> If this can be done, would you please share the details on how it's done?
>>>
>>> Thanks
>>>
>> Vimage doesn't yet support PF. IPFW works, however.
>>
>
> Although one can successfully compile a kernel that has both the VIMAGE option and
> "device pf" enabled, I've never tried pf inside a vimage.
>
> Maybe someone with some good pf experience can give it a go.
>
> I know ipfw works all the way.
>
> And as we (Joe and I) explored already, a kernel with IPFILTER option (for ipf)
> will not work with VIMAGE (kernel panic at boot).

OK, let's change the question from setting up pf inside of a vimage jail to how to set up ipfw to run from inside of a vimage jail.