Created attachment 184146
patch to enable services to run into jailvnet

After some tests, here are the services that run into a vnet jail:
- defaultroute
- dhclient
- ip6addrctl
- natd
- pf
- pfsync
- pflog (daemon runs, pflog0 interface usable, but my /var/log/pflog not filled)
- rarpd
- route6d (do nothing anyway because obsolete)
- routed (do nothing anyway because obsolete)
- rtsold
- static_arp
- static_ndp

My testing labs:
https://bsdrp.net/documentation/examples/multi-tenant_ha_pf_firewalls
https://bsdrp.net/documentation/examples/maximum_bsdrp_features_lab

A commit references this bug:

Author: kp
Date: Sat Jul 8 09:28:33 UTC 2017
New revision: 320802
URL: https://svnweb.freebsd.org/changeset/base/320802

Log:
  Allow more services to run in vnet jails

  After some tests, here are the services that run into a vnet jail:
  - defaultroute
  - dhclient
  - ip6addrctl
  - natd
  - pf
  - pfsync
  - pflog (daemon runs, pflog0 interface usable, but /var/log/pflog not filled)
  - rarpd
  - route6d (do nothing anyway because obsolete)
  - routed (do nothing anyway because obsolete)
  - rtsold
  - static_arp
  - static_ndp

  PR: 220530
  Submitted by: olivier@freebsd.org

Changes:
  head/etc/rc.d/defaultroute
  head/etc/rc.d/dhclient
  head/etc/rc.d/ip6addrctl
  head/etc/rc.d/natd
  head/etc/rc.d/pf
  head/etc/rc.d/pflog
  head/etc/rc.d/pfsync
  head/etc/rc.d/rarpd
  head/etc/rc.d/route6d
  head/etc/rc.d/routed
  head/etc/rc.d/rtsold
  head/etc/rc.d/static_arp
  head/etc/rc.d/static_ndp