Tuesday, March 22, 2016

FreeBSD Jails - VIMAGE - firewall

VIMAGE jails has its own virtual network stack, therefore it is a good idea to enable a firewall (IPFW):

- add the following to /etc/rc.conf inside VIMAGE jail:

# PF Firewall

The available firewall types are:
  1. open: passes all traffic.
  2. client: protects only this machine.
  3. simple: protects the whole network.
  4. closed: entirely disables IP traffic except for the loopback interface.
  5. workstation: protects only this machine using stateful rules.
  6. UNKNOWN: disables the loading of firewall rules.
  7. filename: full path of the file containing the firewall ruleset.

If firewall_type is set to either client or simple, modify the default rules found in /etc/rc.firewall to fit the configuration of the system.

Note that the filename type is used to load a custom ruleset.

Update: I only got IPFW firewall working in jail after enable it in host as well.


No comments:

Post a Comment