[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] [PATCH] "Locally configured IP" check in ezjail-admin is not 100% reliable



On 16.01.12 00:45, Thomas Steen Rasmussen wrote:

> ps. Would you be interested in seeing the IP patch ?
> I realize a lot of people might not like the idea of ezjail
> managing IP addresses on the NICs, but I personally
> love that I don't have to manage the jail IP aliases in
> both rc.conf and ezjail configs ;)

Well, what interest me more than what happens when STARTING a jail is
what you do when STOPPING it. Do you leave the IP address configured? If
not how do you figure out if it is needed by another service or another
jail? What if the host system runs on the IP address?

Also on startup how do you decide which interface to choose, for my use
cases I usually configure IP addresses on cloned loopback interfaces and
set up NAT as well. How would you smartly interact with jail's own fibs?

There's just too many things to consider before adding features that
might possibly harm the host system's operations. Also there's strange
things been going on with the /etc/rc.d/jail script and I try to avoid
some of the mistakes that happen there to provide the ease of use that
the name ezjail promises.

Still, if you like to share the script, I've always been thinking about
providing some third-party repository, containing some additional
scripts, flavours and sample configs.

Regards and thanks,

  erdgeist