Re: vnet & firewalls in 12.0

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 18 Oct 2018 13:10:03 -0700
On 18 Oct 2018, at 11:33, Ernie Luzar wrote:
> Wanting to get a head start on using 12.0 and vnet jails with an in-jail 
> firewall.
>
> 1. Will Vimage be compiled as a module in the 12.0 kernel and be 
> included in the base system release?
>
vimage is a kernel option, not a module. It affects the entire kernel, 
and cannot be loaded as a module. It’s either enabled or not (and 
it’s enabled in 12.0).

> 1.a. Has the boot time console log message about vimage being "highly 
> experimental" been removed?
>
Yes. It was removed around the time it was enabled by default.

> 2. Has the pf firewall been fixed so it can now run in a vnet jail or 
> multiple vnet jails without concern for which firewall is running on 
> the host?
>
Yes. The automated pf tests rely on vimage.

> 2.a. Is each vnet/pf log only viewable from its vnet jail console?
>
Yes, assuming you mean pflog output. Log files can of course be read 
from the host.

> 2.b. Will pf/kernel module auto load on first call from a vnet jail?
>
No. The decision to load the pf module is made by the host. If the 
module is not loaded no jail will be able to use it. Jails may not load 
kernel modules, for obvious reasons.

> 2.c. Does vnet/pf NAT work?
>
Yes.

Best regards,
Kristof
Received on Thu Oct 18 2018 - 18:10:09 UTC
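Taken together, these answers describe a host that loads pf for a vnet jail, which then runs pf, pflog and NAT on its own network stack. The configuration below is an added example, not from this mail or from the FreeBSD project; the jail name, paths, interface names, addresses and devfs ruleset number are assumptions.

```conf
# --- host: /boot/loader.conf ---
# Only the host can load kernel modules; pf and pflog must be loaded here
# before any jail can use them.
pf_load="YES"
pflog_load="YES"

# --- host: /etc/devfs.rules ---
# Ruleset 10 (number assumed) extends the stock jail ruleset so that pfctl and
# pflogd inside the jail can open /dev/pf, /dev/pflog and a bpf device.
[devfsrules_jail_vnet_pf=10]
add include $devfsrules_jail
add path pf unhide
add path pflog unhide
add path 'bpf*' unhide

# --- host: /etc/jail.conf ---
# The jail "fw" (name assumed) owns its network stack (vnet) and the "b" ends of
# two epairs: epair0b faces outside, epair1b faces the hosts it will NAT for.
fw {
    host.hostname = "fw.example.org";
    path = "/jails/fw";
    vnet;
    vnet.interface = "epair0b", "epair1b";
    devfs_ruleset = 10;
    exec.prestart = "ifconfig epair0 create; ifconfig epair1 create";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.poststop = "ifconfig epair0a destroy; ifconfig epair1a destroy";
}

# --- jail: /jails/fw/etc/rc.conf ---
# pf_enable here only runs pfctl against the already-loaded module; pflogd
# writes /var/log/pflog inside the jail, so the log is read from the jail.
ifconfig_epair0b="inet 192.0.2.1/24"
ifconfig_epair1b="inet 198.51.100.1/24"
gateway_enable="YES"
pf_enable="YES"
pflog_enable="YES"

# --- jail: /jails/fw/etc/pf.conf ---
# NAT on the jail's own stack: the inside network (198.51.100.0/24, constructed)
# leaves through epair0b with the jail's outside address.
ext_if = "epair0b"
int_if = "epair1b"
nat on $ext_if from $int_if:network to any -> ($ext_if)
block log all
pass in on $int_if from $int_if:network to any keep state
pass out on $ext_if keep state
```

If the host does not load pf (first block), `pfctl` inside the jail fails regardless of the jail's own rc.conf, which is the point of answer 2.b.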
