I am running FreeBSD 10.3 p4 and have observed some strange behavior.
When the machine is rebooted, pf starts because of the entries in /etc/rc.conf:
```
# JAILS
cloned_interfaces="${cloned_interfaces} lo1"
gateway_enable="YES"
ipv6_gateway_enable="YES"
# OPENVPN -> jails
cloned_interfaces="${cloned_interfaces} tun0"
# FIREWALL
pf_enable="YES"
pf_rules="/etc/pf.conf"
fail2ban_enable="YES"
# ... other services ...
# load ezjail
ezjail_enable="YES"
```
but it ignores all the rules concerning the jails. So I have to reload the rules manually to get things going:
```
sudo pfctl -f /etc/pf.conf
```
My pf.conf reads as follows:
```
#external interface
ext_if = "bge0"
myserver_v4 = "xxx.xxx.xxx.xxx"
# internal interfaces
set skip on lo0
set skip on lo1
# nat all jails
jails_net = "127.0.1.1/24"
nat on $ext_if inet from $jails_net to any -> $ext_if …
```