Jail isolation from internal network and host (pf, vnet (vimage), freebsd 11.1)
irukandji
irukandji at voidptr.eu
Tue Nov 7 15:50:16 UTC 2017
Hi Everyone,
Problem: isolating jail away from internal network and host "hosting"
it.
Environment: jail with 192.168.1.100, host 192.168.1.200, VIMAGE
enabled kernel, VNET (vnet0:JID) over bridge interface (bridge0),
single network card on re0
I am unable to prevent the jail from accessing the host (192.168.1.200); for any other
IP it is working. I have configured VNET just to have a separate stack,
but the host is still accessible from the jail.
Am I missing something, or is this just something that can't be
accomplished using pf? I have been banging my head against the wall with this issue
for the past few months, going radical lately (kernel recompile ;) ),
but still without any result.
Can someone PLEASE help me out?
Regards,
irukandji
More information about the freebsd-pf
mailing list