upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-13 18:50:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/share/examples/jails
History
Mariusz Zaborski de121c5478 jail: copy MTU settings to vnet interface 
Reported by:	Arne Steinkamm <arne@steinkamm.com>
Reviewed by:	bapt, thj
Differential Revision:	https://reviews.freebsd.org/D48334
2025-05-09 11:42:07 +02:00
..
jail.xxx.conf Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
jib Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
jng jail: copy MTU settings to vnet interface 2025-05-09 11:42:07 +02:00
rc.conf.jails Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
rcjail.xxx.conf Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
README Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
VIMAGE Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00

README 

The below 4 samples require a VIMAGE enabled kernel:

	# (as root)
	$ cp VIMAGE /usr/src/sys/amd64/conf/
	$ cd /usr/src
	$ make KERNCONF=VIMAGE kernel
	$ reboot

FreeBSD 12 has VIMAGE enabled in GENERIC on amd64.
In that case, for jng simply load the ng_ether module first
(ng_bridge and ng_eiface will load on demand):

	# (as root)
	# Load the ng_ether module at boot:
	$ sysrc kld_list+=ng_ether
	# Load ng_ether at once without rebooting:
	$ kldload ng_ether

Sample 1: jail.conf(5)

	$ cp jib jng /usr/sbin/
	$ cat jail.xxx.conf >> /etc/jail.conf
	$ vi /etc/jail.conf
	# NB: Customize root directory and bridge interface
	$ sysrc jail_enable=YES
	# NB: Assumes jail_list="" (meaning ``all jails in jail.conf'')
	# NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'')
	$ service jail start

Sample 2: rc.conf(5)

	$ cp jib jng /usr/sbin/
	$ cp rc.conf.jails /etc/
	$ vi /etc/rc.conf.jails
	# NB: Customize root directory and bridge interface
	$ sysrc rc_conf_files+=/etc/rc.conf.jails
	# NB: Assumes /etc/jail.conf does not exist and jail_list=""
	$ service jail start

Sample 3: Per-jail jail.conf(5)

	$ cp jib jng /usr/sbin/
	$ cp jail.xxx.conf /etc/
	$ vi /etc/jail.xxx.conf
	# NB: Customize root directory and bridge interface
	$ sysrc jail_enable=YES
	$ sysrc jail_list+=xxx
	# NB: Assumes rc_conf_files=""
	$ service jail start

Sample 4: Per-jail rc.conf(5)

	$ cp jib jng /usr/sbin/
	$ cp rcjail.xxx.conf /etc/
	$ vi /etc/rcjail.xxx.conf
	# NB: Customize root directory and bridge interface
	$ sysrc jail_enable=YES
	$ sysrc jail_list+=xxx
	$ sysrc rc_conf_files+=/etc/rcjail.xxx.conf
	# NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist
	$ service jail start

For additional recipes, see share/examples/netgraph for
making and hooking together jails using netgraph as the
virtual networking fabric.