The Setup: I've got a pretty simple setup... A FreeBSD 10.0 host with 3
jails on it. The host, and each jail are assigned a public IP address.
The host runs PF that controls inbound and outbound traffic for itself
and its jails. All works really nicely. Here's a basic diagram:
PF does a really good job controlling traffic to and from remote systems.
I have recently come across the need to limit traffic from jails on the
host to other jails on the same host, i.e., HostA-JailA needs to not be
able to communicate with HostA-JailB. What I am seeing, however, is that
because all these jails share a single interface, the traffic must not
be going through PF as it is just seen as local traffic.
I briefly tried to bring up a jail on another interface (lo1 for
example) and use NAT to provide it with its connectivity, but even then
the local traffic was still not filterable.
There's got to be a way, but my brain hasn't thought of it yet. Any
advice would be amazing, thanks so much ahead of time!
--Matt
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf