Bjoern A. Zeeb wrote:
> On 28 Oct 2018, at 15:31, Ernie Luzar wrote:
>
>> Tested with host running ipfilter and vnet running pf. Tried loading
>> pf from host console or from vnet console using kldload pf.ko command
>> and get this error message;
>>
>> linker_load_file: /boot/kernel/pf.ko-unsupported file type.
>>
>> Looks like the 12.0 version of pf which is supposed to work in vnet
>> independent of what firewall is running on the host is not working.
>
> You cannot load pf from inside a jail (with or without vnet). Kernel
> modules are global objects loaded from the base system or you compile
> the devices into the kernel; it is their state which is virtualised.
>
> If you load multiple firewalls they will all be available to the base
> system and all jails+vnet. Whichever you configure in which one is up
> to you. Just be careful as an unconfigured firewall might have a
> default action affecting the outcome of the overall decision.
>
> For example you could have:
> a base system using ipfilter and setting pf to default accept everything
> and a jail+vnet using pf and setting ipfilter there to accept everything.
>
> Hope that clarifies some things.
>
> /bz

Hello Bjoern.
What you said is correct for 10.x & 11.x. But I am talking about
12.0-beta1. I have the ipfilter options enabled in rc.conf of the host
and on boot ipfilter starts just like it always does. Now to prep the
host for pf in a vnet jail, I issue from the host console the
"kldload pf.ko" command and get this error message;

linker_load_file: /boot/kernel/pf.ko-unsupported file type.

Something is wrong here. This is not supposed to happen according to your
post above.
Remember that in 12.0 vimage is included in the base system kernel.
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current