secure vnet & dhcp do not work together

bsdci / libioc

A Python library to manage jails with ioc{age,ell}

https://bsd.ci/libioc

Other

38 stars 11 forks source link

secure vnet & dhcp do not work together #544

Open igalic opened 5 years ago

igalic commented 5 years ago

dhcp does not work with secure vnets. However, when creating or starting one such jail, we get no warning.

i managed to find this out only when running ioc -d spam: "Firewall permit not possible for address 'dhcp'"

igalic commented 5 years ago

update: pf can resolve names for you, so if you just set something like:

scrub in all
nat pass on vtnet0 from 172.16.0.0/12 to any -> (vtnet0:0)
rdr on vtnet0 proto tcp from any to vtnet0 port 80 -> webproxy port 80
rdr on vtnet0 proto tcp from any to vtnet0 port 443 -> webproxy port 443
rdr on vtnet0 proto tcp from any to vtnet0 port 4242 -> quassel port 4242

that will just work™ — the question of course is: does it also work with ipfw 😅