Jails and Firewalls?

Hi people.

I want to try jails, and I have some doubts about the firewall side.
Suppose you have your machine running the firewall, and you set up a jail to run bind.

Once you build your jail and set up bind or your mail server, do you have to set up the firewall inside each jail, or would you just use the main firewall to protect all your jails?

Or is it not necessary to be too paranoid?
Or is it not an issue not to have a firewall inside each jail?

Thanks for your time :)
 
Jails cannot have a firewall (yet at least). So you would need to run the firewall on the host.
 
What would be the use of a jailed firewall?

In other words, what benefits do you anticipate over the firewall on the host?
 
@ctaranotte: I'd imagine if you have different administrators working on jailed systems (but not the host), then per-jail firewalls would be a great boon.
 
The reason to ask is because, reading about jails, I didn't read anything about this small thing.

This is why I ask you guys, to get a little more understanding about how this thing works.

Now you have already answered my question. I appreciate it a lot, thanks again to all.
 
anomie said:
@ctaranotte: I'd imagine if you have different administrators working on jailed systems (but not the host), then per-jail firewalls would be a great boon.

That's fine as long as there is a specific virtual interface (other than lo) for the jails.
 
FreeBSD 8.0 will have the virtualized network stack and you should be able to have jails that even have different default gateways and firewalls!
 
Well, I can try to find a patch. I believe I have it somewhere. I took it from 12.0.
And you need to recompile the kernel with the VIMAGE option. It will work without the patch, but not for very long.
 