This may be uncommon to most, but this is the way I have applied dev rules for my manual build jails since FreeBSD-10.0. Here are the relevant parts:
... and this is essentially all I have to do to tear it down at any point by using a script after exiting the shell.
Since I could not find an inkling of a clue on the internet all week long, last night I tried many ways to modify what I have above inside jail.conf but I’m having no luck.
My question is: how do I add a rule to the below to apply path to unhide a device such as pf or tun inside a VNET jail?
Thanks in advance for even pondering this. FYI, I did not miss much while searching. I even read that developers are nearing a fix to VNET/PF so that a single PF can run the entire system host and jails; so it will be the future if not already. As of now, above all, VNET is no longer a memory hog and it works out of the box as if it was on real hardware. Easy to build: add options VIMAGE and options VNET_DEBUG if you want to get wise. So basically, it is approaching light-speed, with little to no complications. It definitely has me trying again since I never got it to work years back.
My portable scripts for jails
Code:
cd $CELL_1
mount -t devfs devfs /usr/local/SLAMMER/proxy/dev
devfs -m /usr/local/SLAMMER/proxy/dev rule -s 4 applyset
devfs -m /usr/local/SLAMMER/proxy/dev rule apply path tun0 unhide
devfs -m /usr/local/SLAMMER/proxy/dev rule apply path pf unhide
Code:
service $CELL_1 sshguard stop # stop this and other services, then type exit.
umount -A -t nullfs # kill this first just because.
umount -A -t devfs # now tear it all down!
unsetenv CELL_1 # flush the shell env.
Jail.conf for VNET
Code:
proxy {
    path = /usr/local/SLAMMER/proxy;
    mount.devfs;
    devfs_ruleset = 4;
    # add something? add unhide? How in the world do we do it?
}
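Added example, not part of the original post: the manual `devfs rule apply path ... unhide` commands above, expressed as a named ruleset in the host's /etc/devfs.rules that jail.conf then selects by number. The ruleset name `devfsrules_proxy_vnet`, the number 10 and the `vnet;` line are assumptions made for this illustration.

```conf
# /etc/devfs.rules on the host
# (ruleset name and number 10 are constructed for this example;
#  use any number not already taken on the system)
[devfsrules_proxy_vnet=10]
# Start from the stock jail ruleset (number 4 in /etc/defaults/devfs.rules),
# which hides everything and unhides only the basic and login devices.
add include $devfsrules_jail
# The same two devices the manual "rule apply path ... unhide" commands expose.
add path pf unhide
add path 'tun*' unhide

# /etc/jail.conf
proxy {
    path = /usr/local/SLAMMER/proxy;
    vnet;                 # assumed: the post describes this as a VNET jail
    mount.devfs;
    devfs_ruleset = 10;   # was 4; applied when the jail's devfs is mounted
}
```

On the host, `devfs rule -s 10 show` lists the rules once the ruleset is loaded. Giving each jail that needs pf or tun its own ruleset number keeps those devices hidden in every other jail that stays on ruleset 4.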