testing 11.0-RC1 vnet jails with ipfilter
Ernie Luzar
luzar722 at gmail.com
Mon Aug 15 15:37:24 UTC 2016
Hello list;
Running 11.0-RC1 with only option vimage compiled into the generic kernel.
I can run ipfilter on the host and start vnet jails containing no
firewalls just fine. But when I try to also have ipfilter run in the
vnet jail nothing happens. I added this to the vnet jail's rc.conf:
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.boot.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
Then start the vnet jail and it's like those ipfilter statements in the
vnet jail's rc.conf are not there. The vnet jail's /var/log/messages file
is not even there. Issuing "ipfstat" inside the running vnet jail to
display the jail's ipfilter rules gives this error message:
"open(IPSTATE_NAME): No such file or directory"
To me this means ipfilter is not running in the vnet jail even though I
requested it in the vnet jail's rc.conf file.
So my question to this list is, has anyone managed to get ipfilter to
run inside a vnet jail using any of the 11.0 alpha, beta, or rc
versions? If so would you please share your setup with me?
Maybe I am too close to the bleeding edge for there to be other users in
the same test loop?
Thanks
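The post's symptom, an ipfstat error naming IPSTATE_NAME, is the tool failing to open a device node rather than ipfilter rejecting a rule, so the first thing to verify from the host is whether the jail root actually carries the rc.conf knobs and the /dev entries the ipfilter userland opens. The POSIX sh check below is an added example, not from the original post or from FreeBSD; it assumes IPSTATE_NAME is ipfilter's name for /dev/ipstate and that ipf(8)/ipfstat(8) also open /dev/ipf and /dev/ipl, and it inspects paths relative to a jail root directory so it runs without FreeBSD tooling.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): given a vnet jail's root
# directory, report whether the rc.conf settings from the post are present,
# whether the referenced rules file exists, and whether the /dev nodes that
# ipfilter's tools open are visible inside that root.
# Assumption: ipfstat's "open(IPSTATE_NAME)" error means it could not open
# /dev/ipstate; /dev/ipf and /dev/ipl are likewise needed by ipf/ipfstat.

# rc_value ROOT KEY -> prints the value of KEY from ROOT/etc/rc.conf,
# last assignment wins, surrounding double quotes stripped
rc_value() {
    grep "^$2=" "$1/etc/rc.conf" 2>/dev/null | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# check_ipf_jail ROOT -> returns 0 when every prerequisite is present,
# otherwise prints one line per finding and returns 1
check_ipf_jail() {
    jroot=$1
    status=0
    if [ "$(rc_value "$jroot" ipfilter_enable)" != "YES" ]; then
        echo "ipfilter_enable is not YES in $jroot/etc/rc.conf"
        status=1
    fi
    rules=$(rc_value "$jroot" ipfilter_rules)
    if [ -n "$rules" ] && [ ! -f "$jroot$rules" ]; then
        echo "ipfilter_rules names $rules but $jroot$rules does not exist"
        status=1
    fi
    for dev in ipf ipl ipstate; do
        if [ ! -e "$jroot/dev/$dev" ]; then
            echo "$jroot/dev/$dev is missing: ipfilter tools inside the jail cannot open it"
            status=1
        fi
    done
    return $status
}

# Constructed sample jail root mirroring the rc.conf lines in the post,
# with an empty /dev so the missing device nodes are reported.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/dev"
cat > "$demo/etc/rc.conf" <<'EOF'
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.boot.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
EOF
touch "$demo/etc/ipf.boot.rules"
check_ipf_jail "$demo" || echo "sample jail root $demo is not ready for ipfilter"
rm -rf "$demo"
```

Run it against a real jail as `check_ipf_jail /path/to/jail/root` from the host; a clean result for the rc.conf and rules checks combined with missing /dev/ipstate points at device visibility inside the jail rather than at the rules themselves.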