On 28 Oct 2018, at 15:31, Ernie Luzar wrote:
> Tested with host running ipfilter and vnet running pf. Tried loading
> pf from host console or from vnet console using kldload pf.ko command
> and get this error message;
> linker_load_file: /boot/kernel/pf.ko-unsupported file type.
> Looks like the 12.0 version of pf which is supposed to work in vnet
> independent of what firewall is running on the host is not working.

You cannot load pf from inside a jail (with or without vnet). Kernel
modules are global objects loaded from the base system or you compile
the devices into the kernel; it is their state which is virtualised.
If you load multiple firewalls they will all be available to the base
system and all jails+vnet. Whichever you configure in which one is up
to you. Just be careful as an unconfigured firewall might have a
default action affecting the outcome of the overall decision.
For example you could have:
a base system using ipfilter and setting pf to default accept everything
and a jail+vnet using pf and setting ipfilter there to accept
everything.
Hope that clarifies some things.
/bz
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
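
Added example, not part of the original message or of FreeBSD's own tooling: a small audit of the caveat above, listing every vnet in which a globally loaded firewall has no deliberate ruleset, so only its default action applies there. The `kldstat` sample, the inventory format and the jail name `jail1` are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `kldstat` output on the host (not from the original post).
KLDSTAT_SAMPLE='Id Refs Address                Size Name
 1   14 0xffffffff80200000  2448f20 kernel
 2    1 0xffffffff82819000    1a2b8 ipl.ko
 3    1 0xffffffff82834000    4a1d8 pf.ko'

# Constructed inventory, one "<vnet> <firewall>" line per ruleset an admin
# has deliberately loaded. "host" is the base system; "jail1" is a
# hypothetical jail+vnet.
CONFIGURED_SAMPLE='host ipfilter
jail1 pf'

# Map kernel module file names from kldstat to firewall names, one per line.
loaded_firewalls() {
    printf '%s\n' "$1" | awk '
        $NF == "ipl.ko"  { print "ipfilter" }
        $NF == "pf.ko"   { print "pf" }
        $NF == "ipfw.ko" { print "ipfw" }'
}

# Print "<vnet> <firewall>" for each loaded firewall that has no deliberate
# ruleset in that vnet, i.e. where only its default action is in effect.
unconfigured_pairs() {
    fws=$(loaded_firewalls "$1")
    vnets=$(printf '%s\n' "$2" | awk '{ print $1 }' | sort -u)
    for v in $vnets; do
        for f in $fws; do
            printf '%s\n' "$2" | grep -qxF "$v $f" || printf '%s %s\n' "$v" "$f"
        done
    done
}

unconfigured_pairs "$KLDSTAT_SAMPLE" "$CONFIGURED_SAMPLE"
```

Firewalls compiled into the kernel do not appear as `.ko` lines in plain `kldstat` output, so they would have to be added to the loaded list by hand.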