Re: VNET branch destiny

From: Ernie Luzar <luzar722_at_gmail.com>
Date: Mon, 10 Apr 2017 09:50:16 -0400
peter.blok_at_bsd4all.org wrote:
> There have been issues with pf if I recall correctly. I currently have issues with stable, pf and vnet. There is an issue with pf table entries when an interface is moved to a different vnet.
> 
> Does anyone know if there is a specific fix for this that hasn’t been ported to stable? I haven’t had the time to test this on current.
> 
> Peter

PF was fixed in 11.0 to not panic when run on a host that has vimage 
compiled into the kernel. On 11.0 you can configure pf to run in a vnet 
jail, but it really does not enforce any firewall rules because pf needs 
access to the kernel, which jail(8) is blocking by design. As far as I 
know this is a show stopper that cannot be fixed without a pf rewrite 
changing the way it works internally.

This PR gives all the details:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212013
Received on Mon Apr 10 2017 - 11:50:15 UTC
