[PATCH] pf(4) patch from OpenBSD 4.5

Ermal Luçi eri at freebsd.org
Mon Oct 18 20:55:04 UTC 2010


On Mon, Oct 18, 2010 at 7:56 PM, Julian Elischer <julian at freebsd.org> wrote:
>  On 10/18/10 11:10 AM, Ermal Luçi wrote:
>>
>> Hello,
>>
>> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
>> pf(4) as of OpenBSD 4.5 version.
>> The patch is against HEAD.
>> After OpenBSD 4.5 the syntax has changed and this is the reason for
>> such an 'old' version patch.
>>
>> After importing this one the work will go on the newest version and
>> decisions on it will then be done.
>>
>> Be aware that this patch has even support for VIMAGE/VNET.
>> It will enable you to run pf(4) with[in] jails+vnets or just vnets
>> themselves with separate rulesets
>> and policies.
>> pfsync(4) can be loaded as a module also with this patch.
>
> hooray!
>
> what to do with pfsync is the question.. we don't yet have devfs-per-jail
> but I think that's probably something we
> should work on pretty soon.
> I guess /dev/pfsync could only give you stuff from your own jail/vnet but I
> don't use it so I'm not sure how it works.

AFAIK pfsync(4) is not a devfs consumer.
It's just a wrapped-up in-kernel packet generator glued to an ifnet interface.
So you should be able to run a failover scenario on 2 jails through pfsync(4).

>
>> Feedback is very welcome.
>>
>> Regards,

-- 
Ermal

