--- src/VBox/HostDrivers/VBoxNetFlt/Makefile.kmk.orig	2011-01-14 21:15:29.000000000 +0100
+++ src/VBox/HostDrivers/VBoxNetFlt/Makefile.kmk	2011-01-26 23:53:19.000000000 +0100
@@ -424,10 +424,14 @@
 		$(PATH_SUB_CURRENT)/freebsd/Makefile \
 		$$(if $$(eq $$(VBoxNetFlt/freebsd/Makefile_VBOX_HARDENED),$$(VBOX_WITH_HARDENING)),,FORCE) \
 		| $$(dir $$@)
- ifndef VBOX_WITH_HARDENING
-	$(QUIET)$(SED) -e "s;-DVBOX_WITH_HARDENING;;g" --output $@ $<
- else
 	$(QUIET)$(CP) -f $< $@
+ ifndef VBOX_WITH_HARDENING
+	$(QUIET)$(SED) -e "s;-DVBOX_WITH_HARDENING;;g" --output $@.tmp $@
+	${QUIET}$(MV) -f $@.tmp $@
+ endif
+ ifndef VBOX_WITH_NETFLT_VIMAGE
+	$(QUIET)$(SED) -e "s;-DVIMAGE;;g" --output $@.tmp $@
+	${QUIET}$(MV) -f $@.tmp $@
  endif
 endif # freebsd
 
--- src/VBox/HostDrivers/VBoxNetFlt/freebsd/Makefile.orig	2011-01-14 21:15:29.000000000 +0100
+++ src/VBox/HostDrivers/VBoxNetFlt/freebsd/Makefile	2011-01-26 23:33:57.000000000 +0100
@@ -18,7 +18,7 @@
 
 KMOD = vboxnetflt
 
-CFLAGS += -DRT_OS_FREEBSD -DIN_RING0 -DIN_RT_R0 -DIN_SUP_R0 -DVBOX -DRT_WITH_VBOX -Iinclude -I. -Ir0drv -w -DVBOX_WITH_HARDENING
+CFLAGS += -DRT_OS_FREEBSD -DIN_RING0 -DIN_RT_R0 -DIN_SUP_R0 -DVBOX -DRT_WITH_VBOX -Iinclude -I. -Ir0drv -w -DVBOX_WITH_HARDENING -DVIMAGE
 
 .if (${MACHINE_ARCH} == "i386")
  CFLAGS += -DRT_ARCH_X86
--- src/VBox/HostDrivers/VBoxNetFlt/freebsd/VBoxNetFlt-freebsd.c.orig	2011-01-14 21:15:29.000000000 +0100
+++ src/VBox/HostDrivers/VBoxNetFlt/freebsd/VBoxNetFlt-freebsd.c	2011-01-26 22:33:09.000000000 +0100
@@ -97,6 +97,21 @@
 /** mbuf packet tag */
 #define PACKET_TAG_VBOX        128
 
+#if defined(__FreeBSD_version) && __FreeBSD_version >= 800500
+#include <sys/jail.h>
+#include <net/vnet.h>
+
+#define VBOXCURVNET_SET(arg)		CURVNET_SET_QUIET(arg)
+#define VBOXCURVNET_SET_FROM_UCRED()	VBOXCURVNET_SET(CRED_TO_VNET(curthread->td_ucred))
+#define VBOXCURVNET_RESTORE()		CURVNET_RESTORE()
+
+#else
+
+#define VBOXCURVNET_SET(arg)
+#define VBOXCURVNET_SET_FROM_UCRED()
+#define VBOXCURVNET_RESTORE()
+#endif
+
 /*
  * Netgraph command list, we don't support any
  * additional commands.
@@ -322,6 +337,7 @@
     struct m_tag *mtag;
     bool fActive;
 
+    VBOXCURVNET_SET(ifp->if_vnet);
     fActive = vboxNetFltTryRetainBusyActive(pThis);
 
     NGI_GET_M(item, m);
@@ -346,6 +362,7 @@
             ether_demux(ifp, m);
             if (fActive)
                 vboxNetFltRelease(pThis, true /*fBusy*/);
+            VBOXCURVNET_RESTORE();
             return (0);
         }
         mtx_lock_spin(&pThis->u.s.inq.ifq_mtx);
@@ -363,6 +380,7 @@
             int rc = ether_output_frame(ifp, m);
             if (fActive)
                 vboxNetFltRelease(pThis, true /*fBusy*/);
+            VBOXCURVNET_RESTORE();
             return rc;
         }
         mtx_lock_spin(&pThis->u.s.outq.ifq_mtx);
@@ -377,6 +395,7 @@
 
     if (fActive)
         vboxNetFltRelease(pThis, true /*fBusy*/);
+    VBOXCURVNET_RESTORE();
     return (0);
 }
 
@@ -409,6 +428,7 @@
     bool fDropIt = false, fActive;
     PINTNETSG pSG;
 
+    VBOXCURVNET_SET(ifp->if_vnet);
     vboxNetFltRetain(pThis, true /* fBusy */);
     for (;;)
     {
@@ -438,6 +458,7 @@
             ether_demux(ifp, m);
     }
     vboxNetFltRelease(pThis, true /* fBusy */);
+    VBOXCURVNET_RESTORE();
 }
 
 /**
@@ -452,6 +473,7 @@
     bool fDropIt = false, fActive;
     PINTNETSG pSG;
 
+    VBOXCURVNET_SET(ifp->if_vnet);
     vboxNetFltRetain(pThis, true /* fBusy */);
     for (;;)
     {
@@ -481,6 +503,7 @@
             ether_output_frame(ifp, m);
     }
     vboxNetFltRelease(pThis, true /* fBusy */);
+    VBOXCURVNET_RESTORE();
 }
 
 /**
@@ -498,6 +521,7 @@
     int error;
 
     ifp = ASMAtomicUoReadPtrT(&pThis->u.s.ifp, struct ifnet *);
+    VBOXCURVNET_SET(ifp->if_vnet);
 
     if (fDst & INTNETTRUNKDIR_WIRE)
     {
@@ -539,6 +563,7 @@
         m->m_pkthdr.rcvif = ifp;
         ifp->if_input(ifp, m);
     }
+    VBOXCURVNET_RESTORE();
     return VINF_SUCCESS;
 }
 
@@ -556,6 +581,7 @@
     node_p node;
     RTSPINLOCKTMP Tmp = RTSPINLOCKTMP_INITIALIZER;
 
+    VBOXCURVNET_SET_FROM_UCRED();
     NOREF(pvContext);
     ifp = ifunit(pThis->szName);
     if (ifp == NULL)
@@ -602,6 +628,7 @@
         pThis->pSwitchPort->pfnReportNoPreemptDsts(pThis->pSwitchPort, 0 /* none */);
         vboxNetFltRelease(pThis, true /*fBusy*/);
     }
+    VBOXCURVNET_RESTORE();
 
     return VINF_SUCCESS;
 }
@@ -611,6 +638,7 @@
     struct ifnet *ifp, *ifp0;
 
     ifp = ASMAtomicUoReadPtrT(&pThis->u.s.ifp, struct ifnet *);
+    VBOXCURVNET_SET(ifp->if_vnet);
     /*
      * Attempt to check if the interface is still there and re-initialize if
      * something has changed.
@@ -628,6 +656,7 @@
         vboxNetFltOsDeleteInstance(pThis);
         vboxNetFltOsInitInstance(pThis, NULL);
     }
+    VBOXCURVNET_RESTORE();
 
     return !ASMAtomicUoReadBool(&pThis->fDisconnectedFromHost);
 }
@@ -669,6 +698,7 @@
     Log(("%s: fActive:%d\n", __func__, fActive));
 
     ifp = ASMAtomicUoReadPtrT(&pThis->u.s.ifp, struct ifnet *);
+    VBOXCURVNET_SET(ifp->if_vnet);
     node = ASMAtomicUoReadPtrT(&pThis->u.s.node, node_p);
 
     memset(&ifreq, 0, sizeof(struct ifreq));
@@ -742,6 +772,7 @@
         strlcpy(rm->ourhook, "output", NG_HOOKSIZ);
         NG_SEND_MSG_PATH(error, node, msg, path, 0);
     }
+    VBOXCURVNET_RESTORE();
 }
 
 int vboxNetFltOsDisconnectIt(PVBOXNETFLTINS pThis)