Hi,

> Hi to everyone!
> I want to deploy several "jailed" firewalls, where each one of them would
> contain at least three multiple virtual interfaces (associated with virtual
> internal nets) like "WAN", "LAN" and "DMZ" for example...
> First *innocent* question (I beg your pardon for my ignorance dealing with
> jails!) Can vnet/vimage help me deploy such a complex jailed environment???

Yes. If you need help you can email me privately.

> Second *innocent* question, so far so good, reading the jail manpage (circa
> July 6, 2015/FreeBSD 10.3) it seems VNET/VIMAGE is fully integrated into the
> FreeBSD kernel, is VNET/VIMAGE ready for production level???

Yes. I have been using vnet jails since 10.0 in quite complex scenarios. Yes, there are some open issues with vnet (pf, memory leak on stopping a jail and so on), but I think in 11-RELEASE these bugs will be fixed. Bjorn Zeeb is currently working on these problems. See https://svnweb.freebsd.org/base/projects/vnet/

But for now, you can safely use vnet. Just use IPFW and do not start/stop jails needlessly.

> As a side note, at the host level would there be some kind of API/service that
> would deal with pfctl in order to rule flows between all of them...
> Best regards, Seba

--
Vitaliy