Allow ip4/ip6 inherit #535
Conversation
|
I found it disappointing that it is not possible to just inherit ip4 and ip6 from the host. Looking forward for this PR get merged in. |
|
534 has been previously merged. |
|
@cqexbesd I want to merge this but need you to update the code to resolve the conflicts. Sorry it took us this long to get to this. |
Either or both ip4 and ip6 can be set to inherit. For example I have used the following config: ``` interface = vtnet0; ip4 = inherit; ip6 = new; ip6.addr = 2a01:xxxx:xxxx:xxx::1; ```
cqexbesd
force-pushed
the
allow_inherit
branch
from
9332d32
to
0c7a0be
Compare
|
Rebased |
|
will review with @cedwards this week and get merged. |
|
I like this but let's work on expanding it to full support before we merge anything. In other words, let's add support for creating jails using inherit and make it a first class citizen. For my own reference, I would appreciate any real examples of using inherit (honestly not a feature I ever personally use, hence the lack of current support). Also, any docs or code on how iocage or others handle inherit-based jails would be nice for me to better understand. |
Allow users to set
ip4orip6toinherit.This isn't perfect as:
jail.confby hand)pfwill be in use so things likestop, while working, also emitJail IP not found: nnnnfromrdr.shHowever it seems to work and might satisfy #369 and #405.
I tried to address the
stopIP assumption but I wasn't sure enough about the circumstances when there will bepfrules in place. Perhaps someone who understands all he permutations could produce a table of the different allowed values of ip[46]* and what it means for other networking things (pf rules, vnet interfaces, pairs etc). Then there could be a common set of functions other scripts could call to check if they should be doing any of that stuff.NB this PR assumes #534 gets pulled first - then this becomes just the one commit.