Hi everyone,
Is it possible to use a packet filter inside a jail?
I already use this one on my physical host, but I'm doing NAT to/from my jail's virtual interfaces, and in PF, NAT rules need to be written before all the filtering rules. All my HTTP packets are redirected to my HTTP jail, so for example I can't blacklist an IP (from some country) with my table's blocking rules; they are all redirected to my HTTP jail... before blocking.
So maybe I can also use PF inside my HTTP jail with some basic rules, but in /etc/rc.conf in my jail:
Code:
# No network interfaces in jails
network_interfaces=""
Problem?
Or, if possible, how can I blacklist IP lists before all NAT/redirect operations?
Thanks for the advice.
(PS: The new forum version is nice.)
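
Added example, not part of the original post: a host-side /etc/pf.conf fragment in the FreeBSD PF syntax the post describes, where translation rules come first in the file. A packet matched by a plain `rdr` rule (as opposed to `rdr pass`) is still evaluated by the filter rules afterwards with its source address unchanged, so a table-based `block` on the host applies to redirected HTTP traffic. The interface name, addresses and table file path are assumptions.

```conf
# Host /etc/pf.conf (added example; every name and address below is an assumption)
ext_if    = "em0"             # assumed external interface
jail_net  = "192.168.0.0/24"  # assumed network of the jails' virtual interfaces
http_jail = "192.168.0.10"    # assumed address of the HTTP jail

# Blacklist table, loaded from a file with one address or CIDR per line
table <blacklist> persist file "/etc/pf.blacklist"

# --- Translation rules: these must precede the filter rules in the file ---
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Plain "rdr": only the destination is rewritten and the packet is then
# handed to the filter rules. "rdr pass" would skip the filter section,
# and the block rule below would never see the packet.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $http_jail port 80

# --- Filter rules: evaluated after translation ---
# The source address is untouched by rdr, so the table still matches.
block in quick on $ext_if from <blacklist>

# The filter sees the translated destination, i.e. the jail address.
pass in on $ext_if inet proto tcp from any to $http_jail port 80 flags S/SA keep state
```

Entries can be added to the running table without reloading the ruleset using `pfctl -t blacklist -T add <address>`.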