jails, IPS and firewalls, oh my!

Mark Felder feld at FreeBSD.org
Thu Sep 18 12:34:25 UTC 2014



On Wed, Sep 17, 2014, at 09:53, Littlefield, Tyler wrote:
> 
> So, on the advice of others who know BSD a lot more than I do, I tried a 
> few things. Mainly I assigned the IP to a jail and tried to firewall it 
> off. The IP address though still is being used by em0, which means that 
> even if I open port 80 it will point to my main server and not the jail.
> 

But the process listening on port 80 is in the jail, which is really all
that matters in this scenario. It's possible for you to assign an IP to
the jail and have zero services outside the jail listening on that IP.
This should cover your concerns as well. If you really want an
"interface" that is only assigned to the jail you'll have to look at
using VNET jails. Failing that, perhaps run a full FreeBSD bhyve VM
instead?
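
A check for the "zero services outside the jail listening on that IP" condition described above, as an added example that is not part of the original message. It assumes the input is the host's listening sockets in FreeBSD `sockstat` layout (for instance captured with `sockstat -4 -l -j 0`, jail ID 0 being the host); the sample lines, the address 192.0.2.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag host (non-jailed) listeners that would answer on a jail's IP.
# Input lines follow the sockstat column layout:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# Assumption: on a real host the input comes from `sockstat -4 -l -j 0`.

# host_listeners_on_ip <jail_ip>: reads sockstat text on stdin and prints
# "command pid proto local" for each listener bound to the jail IP or to "*".
# A wildcard bind matters because the address still lives on the host
# interface, so a host daemon bound to "*" also accepts on the jail's IP.
host_listeners_on_ip() {
    awk -v ip="$1" '
        $1 == "USER" { next }              # skip the header line
        NF < 6       { next }              # skip short or malformed lines
        {
            laddr = $6
            n = split(laddr, parts, ":")   # text after the last ":" is the port
            port = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (addr == ip || addr == "*")
                print $2, $3, $5, laddr
        }'
}

# jail_ip_is_exclusive <jail_ip>: succeeds only when no host listener covers the IP.
jail_ip_is_exclusive() {
    [ -z "$(host_listeners_on_ip "$1")" ]
}

# Constructed sample of host-side listeners (not taken from the thread).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   4  tcp4   *:22                  *:*
root     syslogd    480   7  udp4   *:514                 *:*
root     sendmail   655   3  tcp4   127.0.0.1:25          *:*
root     ntpd       590   21 udp4   192.0.2.10:123        *:*'

# Demo: list the host services that still answer on the jail address.
printf '%s\n' "$SAMPLE" | host_listeners_on_ip 192.0.2.10
```

Each service it reports can be rebound to a specific host address (for sshd, `ListenAddress` in `sshd_config`) so that only jailed processes listen on the jail's IP.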


More information about the freebsd-questions mailing list