state of the art ?
Joe
fbsd8 at a1poweruser.com
Sun Apr 28 15:54:50 UTC 2013
zulu wrote:
>
> Maybe this is what you need http://sourceforge.net/projects/zjails/ ,
> doesn't require any advanced ZFS or VNET knowledge (just a working ZFS
> pool and VIMAGE kernel).
>
> VNET is supported and there is a "soft" jail restart option which
> prevents the "kern/164763: Memory leak in VNET" issue from appearing.
>
> You can also run non VNET ZFS jails - you can turn on or off VNET by
> simply executing "zjail set vnet=off/on myjailname" then restarting
> the jail with "zjail restart -c myjailname".
>
> On FreeBSD 9.1 amd64, pf inside a jail will cause an immediate kernel
> panic once you run pfctl in the jail - IPFW works as already stated by
> others.
>
> You can have pf enabled on the host however and have IPFW firewall in
> jails.
>
> Cheers,
>
> Peter
>
What exactly do you mean by ipfw will run in a vimage jail?
Running an "open" ipfw rule set only proves that the ipfw program will run
in a vimage jail. How about the "simple" or "client" types that need the
outbound interface device name and use divert / nat?