peter.b...@bsd4all.org wrote:
There have been issues with pf if I recall correctly. I currently have issues 
with stable, pf and vnet. There is an issue with pf table entries when an 
interface is moved to a different vnet.

Does anyone know if there is a specific fix for this that hasn’t been ported to 
stable? I haven’t had the time to test this on current.

Peter

PF was fixed in 11.0 to not panic when run on a host that has vimage compiled into the kernel. On 11.0 you can configure pf to run in a vnet jail but it really does not enforce any firewall rules because pf needs access to the kernel which jail(8) is blocking by design. As far as I know this is a show stopper that cannot be fixed without a pf rewrite changing the way it works internally.

This PR gives all the details
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212013
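The reply above describes pf loading a ruleset inside a vnet jail without actually enforcing it. A quick way for an operator to tell the two cases apart is to compare the per-rule `Evaluations:` counters that `pfctl -vsr` prints before and after sending some traffic: if traffic flows but no counter advances, pf is not evaluating the rules. The script below is an added example, not code from the thread or from FreeBSD; the function names `pf_sum_evaluations` and `pf_enforcement_status` are my own, and the two snapshots are constructed in the format of `pfctl -vsr` output rather than captured from a real system.

```shell
#!/bin/sh
# Sum every "Evaluations:" counter in `pfctl -vsr` output read from stdin.
# Each rule is followed by a line such as:
#   [ Evaluations: 10  Packets: 4  Bytes: 320  States: 0 ]
pf_sum_evaluations() {
    awk '/Evaluations:/ {
             for (i = 1; i <= NF; i++)
                 if ($i == "Evaluations:") sum += $(i + 1)
         }
         END { print sum + 0 }'
}

# Compare two snapshots of `pfctl -vsr` output passed as strings.
# Prints "enforcing" when the evaluation counters advanced between them,
# "not-enforcing" when they stayed flat (the symptom described in the thread).
pf_enforcement_status() {
    before=$(printf '%s\n' "$1" | pf_sum_evaluations)
    after=$(printf '%s\n' "$2" | pf_sum_evaluations)
    if [ "$after" -gt "$before" ]; then
        echo enforcing
    else
        echo not-enforcing
    fi
}

# Constructed sample: snapshot taken before generating test traffic.
SNAP_BEFORE='block drop in all
  [ Evaluations: 10        Packets: 4         Bytes: 320         States: 0     ]
pass out all flags S/SA keep state
  [ Evaluations: 10        Packets: 6         Bytes: 480         States: 1     ]'

# Constructed sample: counters unchanged after traffic (pf loaded but idle).
SNAP_AFTER_IDLE='block drop in all
  [ Evaluations: 10        Packets: 4         Bytes: 320         States: 0     ]
pass out all flags S/SA keep state
  [ Evaluations: 10        Packets: 6         Bytes: 480         States: 1     ]'

# Constructed sample: counters advanced after traffic (pf actually filtering).
SNAP_AFTER_ACTIVE='block drop in all
  [ Evaluations: 17        Packets: 9         Bytes: 700         States: 0     ]
pass out all flags S/SA keep state
  [ Evaluations: 18        Packets: 14        Bytes: 1120        States: 2     ]'

# Stand-alone demonstration on the constructed snapshots.
echo "idle jail:   $(pf_enforcement_status "$SNAP_BEFORE" "$SNAP_AFTER_IDLE")"
echo "active host: $(pf_enforcement_status "$SNAP_BEFORE" "$SNAP_AFTER_ACTIVE")"
```

On a real system the check is: `pfctl -vsr > /tmp/a`, generate traffic that the ruleset should match, `pfctl -vsr > /tmp/b`, then `pf_enforcement_status "$(cat /tmp/a)" "$(cat /tmp/b)"`. Counters that never move while packets clearly pass are the sign that the jail's pf instance is not in the packet path, which is the situation the PR linked above describes.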


_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current