Bjoern A. Zeeb bz at FreeBSD.org
Wed Nov 19 14:05:41 UTC 2014

On 19 Nov 2014, at 03:28 , Craig Rodrigues <rodrigc at FreeBSD.org> wrote:

> (6)  Ask clusteradm to run one of the machines they use
>      for PF firewalls + IPv6 with a VIMAGE enabled kernel, and provide
>      feedback.

For people to use pf with VIMAGE we first MUST have the security fix imported that I pointed out a couple of times in the past.

It won’t matter on the firewalls with just a VIMAGE enabled kernel but using VIMAGE + pf inside a jail (once that really works if it doesn’t already) will allow everyone how can administer pf inside the jail to take over the entire machine otherwise.

Bjoern A. Zeeb             "Come on. Learn, goddamn it.", WarGames, 1983

More information about the freebsd-virtualization mailing list