Date: Thu, 13 Dec 2018 01:46:46 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> To: =?UTF-8?Q?Goran_Meki=c4=87?= <meka@tilda.center>, freebsd-pf@freebsd.org Subject: Re: VNET jails and PF service Message-ID: <e03e2a41-7848-6d41-cdbe-a9e2166d8bf1@quip.cz> In-Reply-To: <20181213000232.vk4qoapuqyqly2jx@thinker.home.meka.rs> References: <20181213000232.vk4qoapuqyqly2jx@thinker.home.meka.rs>
next in thread | previous in thread | raw e-mail | index | archive | help
Goran Mekić wrote on 2018/12/13 01:02: > Hello, > > I can't start PF as service from vnet jail. I have devfs rule to unhide > bpf (for dhclient) and pf that the jail is using. I can run "pfctl -e -f > /etc/pf.conf" but "service pf start" fails with: > > kldload: can't load pf: Operation not permitted > /etc/rc.d/pf: WARNING: Unable to load kernel module pf > > That's expected given https://svnweb.freebsd.org/base/releng/12.0/libexec/rc/rc.d/pf?view=markup#l25 > in the rc file. What is the proper way to enable PF in VNET jail? Do you have PF compiled in to your kernel or loaded as module pf.ko in the host? Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e03e2a41-7848-6d41-cdbe-a9e2166d8bf1>