Jails and upgrades to 15.0

[bvdw78]

Right, now that was interesting! Apparently the interface for ipfw changed between 14.3 and 15.0. The upgrade itself went off fine, but my jails were suddenly shut off from the network. What gives? Ipfw!

The in-jail ipfw command doesn't work anymore for older vnet jails until you upgrade your jails as well. I didn't have the time for that so I plonked in the ipfw binary from /rescue on the host for now. Things live again, but a word of warning would have been nice.

 

[Erichans]

A lot has changed, this seems relevant, UPDATING:

20250303:
	Commit 4a77657cbc01 changed the ABI between ipfw(8) and ipfw(4).
	Please note that the old ipfw(8) binary will not work with the new
	ipfw(4) module. Therefore, it is recommended to disable ipfw during
	the upgrade, otherwise the host system may become inaccessible because
	ipfw rules cannot be installed with the old binary.

 

[bvdw78]

I did exactly that, but wasn't exactly prepared for my jails to be impacted like this. Logical in hindsight but quite a break from the past for me.

 

[graue.Ritter]

Many thanks for noting this, I would have gotten caught out by this.
I'll add this observation to my planning for my upcoming reinstall of my FreeBSD 13.X server (which has a number of jails). Still vacillating between reinstalling with 14.x or 15.x.

I'm glad that I manage my headless server by connecting my management workstation to the server's serial console via an RS232 cable. It makes installing a little more involved (headless install via serial console), but (unlike using ssh for management) if I mess up firewall rules and/or network interface configurations I can still log in to rectify my mistakes.