how to make a non-vnet jail local only?

Ernie Luzar
I have non-vnet jails working that can reach the public internet.
But now I would like to make some local-only non-vnet jails that can
only access other local-only non-vnet jails. By local I mean having no
access to the public internet.

How do I make this happen?

Thanks for any pointers.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"

Re: how to make a non-vnet jail local only?

Reshad Patuck
Hi Ernie,

For local system only access you can use 127.0.0.1 as the jail IP.

You could use a pf rdr rule to allow only local access to the port running
your jailed service.

Best,
Reshad

On Wed, 5 Aug, 2020, 06:32 Ernie Luzar, <[hidden email]> wrote:

> I have non-vnet jails working that can reach the public internet.
> But now I would like to make some local-only non-vnet jails that can
> only access other local-only non-vnet jails. By local I mean having no
> access to the public internet.
>
> How do I make this happen?
>
> Thanks for any pointers.
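
One way to configure the approach suggested in the reply, added here as an example and not written by either poster: each jail gets a loopback address on a cloned interface and pf drops anything those addresses send toward the public interface. It uses distinct 127.0.1.x addresses rather than 127.0.0.1 so that several jails can address each other; the interface names `lo1` and `em0`, the jail names, paths and addresses are assumptions.

```conf
# ---- /etc/rc.conf (host) ----
cloned_interfaces="lo1"        # extra loopback interface that carries the jail addresses
pf_enable="YES"
jail_enable="YES"

# ---- /etc/jail.conf ----
# Jail names, paths and the 127.0.1.x addresses are constructed for illustration.
exec.start    = "/bin/sh /etc/rc";
exec.stop     = "/bin/sh /etc/rc.shutdown";
mount.devfs;
path          = "/usr/jails/$name";
host.hostname = "$name.local";
ip6           = "disable";     # no IPv6 path out of the jail either

appjail {
    # interface|address form: jail(8) adds the alias to lo1 when the jail
    # starts and removes it when the jail stops.
    ip4.addr = "lo1|127.0.1.10/32";
}

dbjail {
    ip4.addr = "lo1|127.0.1.11/32";
}

# ---- /etc/pf.conf ----
ext_if   = "em0"               # assumed name of the host's public interface
jail_net = "127.0.1.0/24"

# Translation section: deliberately no "nat" rule for $jail_net, so jail
# traffic is never rewritten to a routable source address.
#
# Optional rdr, as mentioned in the reply, to publish one jailed service.
# Restricting the source to the directly attached network is an assumed
# reading of "local access"; leave the rule out if no outside access is wanted.
# rdr pass on $ext_if inet proto tcp from $ext_if:network to ($ext_if) port 8080 \
#     -> 127.0.1.10 port 80

# Filter section: new connections from a jail address never leave via the
# public interface. Jail-to-jail traffic stays on loopback and is not matched.
block drop out quick on $ext_if inet from $jail_net to any
```

After loading the ruleset, `pfctl -sr` should list the block rule, and `jls` should show only the 127.0.1.x address for each jail.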