VNET jails and PF service

Miroslav Lachman 000.fbsd at quip.cz
Thu Dec 13 00:46:57 UTC 2018


Goran Mekić wrote on 2018/12/13 01:02:
> Hello,
> 
> I can't start PF as a service from a vnet jail. I have a devfs rule to unhide
> bpf (for dhclient) and pf that the jail is using. I can run "pfctl -e -f
> /etc/pf.conf" but "service pf start" fails with:
> 
> kldload: can't load pf: Operation not permitted
> /etc/rc.d/pf: WARNING: Unable to load kernel module pf
> 
> That's expected given https://svnweb.freebsd.org/base/releng/12.0/libexec/rc/rc.d/pf?view=markup#l25
> in the rc file. What is the proper way to enable PF in a VNET jail?

Do you have PF compiled into your kernel or loaded as the module pf.ko in
the host?

Miroslav Lachman


More information about the freebsd-pf mailing list