Date: Tue, 07 Nov 2017 16:43:48 +0100
From: irukandji <irukandji@voidptr.eu>
To: freebsd-pf@freebsd.org
Subject: Jail isolation from internal network and host (pf, vnet (vimage), freebsd 11.1)
Message-ID: <1510069428.4725.31.camel@voidptr.eu>

Hi Everyone,

Problem: isolating a jail away from the internal network and the host "hosting" it.

Environment: jail with 192.168.1.100, host 192.168.1.200, VIMAGE-enabled kernel, VNET (vnet0:JID) over bridge interface (bridge0), single network card on re0.

I am unable to prevent the jail from accessing the host (192.168.1.200); for any other IP it is working. I have configured VNET just to have a separated stack, but the host is still accessible from the jail.

Am I missing something, or is this just something that can't be accomplished using pf?

I have been banging my head against the wall with this issue for the past few months, going radical lately (kernel recompile ;) ), but still without any result.

Can someone PLEASE help me out?

Regards,
irukandji