On 2016-05-29 09:15, Sebastián Maruca via freebsd-jail wrote:
> Hi to everyone! I want to deploy several "jailed" firewalls, where each one of them would contain at least three multiple virtual interfaces (associated with virtual internal nets) like "WAN", "LAN" and "DMZ" for example... First *innocent* question (I beg your pardon for my ignorance dealing with jails!) Can vnet/vimage help me deploy such a complex jailed environment???
Yes, I think that sounds like just the sort of complicated mess that vnet jails are best with. It's all about per-jail virtual interfaces.
> Second *innocent* question, so far so good, reading the jail manpage (circa July 6, 2015/FreeBSD 10.3) it seems VNET/VIMAGE is fully integrated into the FreeBSD kernel, is VNET/VIMAGE ready for production level??? As a side note, at the host level would a be some kind of API/service that would deal with pfctl in order to rule flows between all of them...
That's more of a maybe. There are definitely still outstanding issues in the vimage world, especially regarding pf. I don't use either one myself, so I'm just going by what I see on bug reports and the like.
- Jamie
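A sketch of the per-jail virtual interfaces discussed in this thread, as an added example that is not part of the original messages: one `jail.conf` entry for a vnet jail with three epair(4) interfaces. The jail name, path, hostname, epair unit numbers and the host bridges `bridge0`, `bridge1` and `bridge2` are assumptions, and the bridges are assumed to exist already.

```conf
# Constructed example: all names, paths and unit numbers below are assumptions.
# vnet jails need a kernel built with "options VIMAGE".
fw1 {
    path          = "/jails/fw1";
    host.hostname = "fw1.example.org";
    mount.devfs;

    # Give the jail its own network stack and move the "b" end of each
    # epair into it; the "a" ends stay on the host.
    vnet;
    vnet.interface = "epair10b", "epair11b", "epair12b";

    # Create the pairs before the jail starts:
    # epair10 = WAN, epair11 = LAN, epair12 = DMZ.
    exec.prestart  = "ifconfig epair10 create";
    exec.prestart += "ifconfig epair11 create";
    exec.prestart += "ifconfig epair12 create";

    # Attach the host ends to the (assumed, pre-existing) host bridges.
    exec.prestart += "ifconfig bridge0 addm epair10a";
    exec.prestart += "ifconfig bridge1 addm epair11a";
    exec.prestart += "ifconfig bridge2 addm epair12a";
    exec.prestart += "ifconfig epair10a up";
    exec.prestart += "ifconfig epair11a up";
    exec.prestart += "ifconfig epair12a up";

    # Addresses for epair10b/11b/12b are set in the jail's own rc.conf.
    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";

    # Destroying the "a" end removes both ends of the pair.
    exec.poststop  = "ifconfig epair10a destroy";
    exec.poststop += "ifconfig epair11a destroy";
    exec.poststop += "ifconfig epair12a destroy";
}
```

This covers only the interface plumbing; it does not configure pf, which the reply above flags as an area with outstanding vimage issues.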