Getting /dev/pf in a jail

[Intropy]

I'm trying to set up a jail that will send all non-network-local traffic through a socks proxy that runs in the. I want to leave all traffic not for this jail alone. To do this I want to use pf to pass all TCP/UDP traffic out through 127.0.0.1 socksport.

But I can't figure out how to get the jail to get /dev/pf

Does anyone know how to do that?

 

[Dusan]

I'm trying to set up a jail that will send all non-network-local traffic through a socks proxy that runs in the. I want to leave all traffic not for this jail alone. To do this I want to use pf to pass all TCP/UDP traffic out through 127.0.0.1 socksport.

But I can't figure out how to get the jail to get /dev/pf

Does anyone know how to do that?

pf is not included in FreeNAS. Use ipfw instead.

 

[jgreco]

Wait, what? ipfw is now included?

 

[Dusan]

Yep. It's included because warden uses it to provide NAT for jails, but you can use it for whatever you want... ;)

 

[jgreco]

O. Makes perfect sense in that light. I feel out of touch now...

 

[G Brown]

Wait, what? ipfw is now included?

what about this pf stuff?
>>>freenas: gb@/sbin$: ll p*
-r-xr-xr-x 1 root wheel 228960 Feb 7 21:06 pfctl
-r-xr-xr-x 1 root wheel 24000 Feb 7 21:06 pflogd
vers. 9.2.1

 

[jgreco]

The support binaries. If the kernel module is available then ... you could maybe use it manually but not if you were using jails, since the jail support plumbs in ipfw.