
Enable pf where jails are used
Abandoned, Public

Authored by dereckson on Oct 22 2017, 19:11.

Details

Reviewers
dereckson
Summary

Jails should receive a unique IP to avoid port listening conflicts.

The plan is therefore to configure an internal NAT on the server.

To create redirect rules, we need a firewall like pf.

Test Plan

Ensure the pf kernel module is loaded by running kldstat

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
jails-nat-network
Build Status
Buildable 1731
Build 1979: arc lint + arc unit

Event Timeline

dereckson retitled this revision from Enable pf when we use jails to Enable pf where jails are used. Oct 22 2017, 19:15
dereckson edited the summary of this revision.
Ysul
$ salt-call --local state.apply roles/paas-jails/network
local:
----------                             
          ID: pf_rc_ezjail             
    Function: file.managed             
        Name: /etc/rc.conf.d/pf        
      Result: True                     
     Comment: File /etc/rc.conf.d/pf updated                                   
     Started: 19:16:40.888692          
    Duration: 103.817 ms               
     Changes:                          
              ----------               
              diff:                    
                  New file             
              mode:                    
                  0644                 

Summary for local                      
------------                           
Succeeded: 1 (changed=1)               
Failed:    0                           
------------                           
Total states run:     1                
Total run time: 103.817 ms             

$ service pf start
/etc/rc.d/pf: WARNING: /etc/pf.conf is not readable.

A jails-based PaaS isn't currently a priority.
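
The transcript above shows that a loaded module alone is not sufficient: `service pf start` warns that /etc/pf.conf is not readable, so no ruleset is in place. The following sh script is an added example, not part of this revision or of the rOPS repository; it extends the test plan to check the module, `pf_enable`, and the ruleset file. Function names and sample data are constructed, and `pf_enable` / `pf_rules` (default `/etc/pf.conf`) are the stock FreeBSD rc variables.

```sh
#!/bin/sh
# Added example, not from the revision; function names are hypothetical.

# Succeeds if `kldstat` output on stdin lists pf.ko (name is the last column).
# A kernel with pf compiled in would not list pf.ko here.
pf_module_loaded() {
    awk '$NF == "pf.ko" { found = 1 } END { exit !found }'
}

# rc_value VAR FILE: print VAR's value from an rc.conf-style file without
# sourcing it (sourcing would execute whatever the file contains).
rc_value() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2" 2>/dev/null | tail -n 1
}

# pf_preflight KLDSTAT_OUTPUT RC_FILE
# Prints one status word; returns 0 only for "ok".
pf_preflight() {
    printf '%s\n' "$1" | pf_module_loaded || { echo "module-not-loaded"; return 1; }
    case $(rc_value pf_enable "$2") in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) echo "pf-not-enabled"; return 2 ;;
    esac
    rules=$(rc_value pf_rules "$2")
    rules=${rules:-/etc/pf.conf}   # FreeBSD default when pf_rules is unset
    [ -r "$rules" ] || { echo "ruleset-unreadable:$rules"; return 3; }
    echo "ok"
}

# Constructed sample data (not taken from the server in the transcript).
SAMPLE_KLDSTAT='Id Refs Address                Size Name
 1   12 0xffffffff80200000  1f67a88 kernel
 2    1 0xffffffff82221000    2e6b8 pf.ko'

# Demo: module loaded and pf enabled, but the ruleset file does not exist,
# which is the situation behind the warning in the transcript.
demo_rc=$(mktemp)
printf 'pf_enable="YES"\npf_rules="/nonexistent/pf.conf"\n' > "$demo_rc"
pf_preflight "$SAMPLE_KLDSTAT" "$demo_rc" || true
rm -f "$demo_rc"

# On a FreeBSD host: pf_preflight "$(kldstat)" /etc/rc.conf.d/pf
```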