Host firewall and jails

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Apr 18 07:59:05 UTC 2010


On 18/04/2010 01:21:44, Fbsd1 wrote:
> Just where do jails fall in reference to the host firewall?
> Do jails see the inbound packets before the host's firewall does?

No.  The host firewall handles all of the incoming traffic before it
gets to the jail.

Unless you are using VIMAGE, when the jail can have its own separate
network stack and firewall (ipfw only at the moment -- it crashes and
burns in combination with pf).  VIMAGE is experimental still and
shouldn't be used on anything important.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW

