Date: Tue, 06 Jul 2004 08:25:37 +0300 From: Alex Lyashkov <shadow@psoft.net> To: "Christian S.J. Peron" <csjp@freebsd.org> Cc: hackers@freebsd.org Subject: Re: [patch] attach ipfw rules to jails Message-ID: <1089091537.7827.5.camel@berloga.shadowland> In-Reply-To: <20040705212709.GA70873@freefall.freebsd.org> References: <20040705212709.GA70873@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
÷ ÷ÔÒ, 06.07.2004, × 00:27, Christian S.J. Peron ÐÉÛÅÔ: > I have written support for attaching ipfw rules to jails. I am > looking for some testers/feedback. > > http://people.freebsd.org/~csjp/ip_fw_jail.diff > > NOTES: > o Apply the patch > o cd /usr/src && make includes > o rebuild your kernel (or just the ipfw module) > o rebuild the ipfw userspace utility; > > Syntax: > > ipfw add count ip from any to any jail 1 > > "jail" takes a numeric argument, a jail ID. > > For those of you who dont know, jail IDs can be retrieved using > the jls(8) utility. > > Input would be greatly appriciated. > Thanks! who not port vimage project to -current ? separated network stack and firewall rules more and more faster then this... If system not have jails vimage not add observable overhead to system.. -- Alex Lyashkov <shadow@psoft.net> PSoft
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1089091537.7827.5.camel>