Hi,
To completely isolate a specific jail, the following solution comes to my mind:
1. use vimage.
2. setup 1 broker jail - that jail will have ipfw (or pf, but I recall it
has several bugs and kernel panics) with nat, will have 2 nics of 2
different epairs, one to the host and other to the isolated
On 7 Nov 2017, at 23:43, irukandji via freebsd-pf wrote:
> Hi Everyone,
>
> Problem: isolating jail away from internal network and host "hosting"
> it.
> Environment: jail with 192.168.1.100, host 192.168.1.200, VIMAGE
> enabled kernel, VNET (vnet0:JID) over bridge interface (bridge0),
> single net
The use case is to completely isolate jail from the environment for
running a honeypot, I can pf filter the traffic coming from jail
to the internal network but the FreeBSD server that is running the
jails (here as "host"), can be accessed from jail using its IP. I have
tried various methods of con
On Tue, Nov 07, 2017 at 04:43:48PM +0100, irukandji via freebsd-pf wrote:
> Hi Everyone,
>
> Problem: isolating jail away from internal network and host "hosting"
> it.
> Environment: jail with 192.168.1.100, host 192.168.1.200, VIMAGE
> enabled kernel, VNET (vnet0:JID) over bridge interface (bridg
Hi Everyone,
Problem: isolating jail away from internal network and host "hosting"
it.
Environment: jail with 192.168.1.100, host 192.168.1.200, VIMAGE
enabled kernel, VNET (vnet0:JID) over bridge interface (bridge0),
single network card on re0
I am unable to prevent jail accessing host (192.168.1.2