FreeBSD Jails Containers and Linux vs FreeBSD Firewalls
-
FreeBSD Jails Containers
FreeBSD's networking and container (Jails) stacks are very mature and provide lots of useful features … yet for some reason these features are not properly advertised by the FreeBSD project … or not even documented at all. I remember when Solaris was still under Sun, before the ‘fatal’ 2008 Oracle acquisition, and one of the advertised Solaris features was its networking capabilities – along with virtual switches etc. that were administered with the ipadm(1M) and dladm(1M) commands. FreeBSD, while having technologies like Netgraph or Jails lightweight containers – along with VNET Jails that have a full virtual network stack independent of the host … almost does not advertise them at all. The VNET Jails – while being production ready and used by thousands of sysadmins – are still not documented in the FreeBSD Handbook or FreeBSD FAQ at all … you will not be able to find a single VNET mention in the FreeBSD Handbook. Even FreeBSD man pages like jail.conf(5) do not mention it – only jail(8) partially mentions the VNET feature.
-
Linux vs. FreeBSD: Linux and FreeBSD Firewalls – The Ultimate Guide, Part 2
In the first article of this series, we covered the major differences between two types of firewall platforms, Linux-based and FreeBSD-based, and what the options are. We covered how pf, IPFW, iptables and nftables act when actions are applied to different packets, and more generally the differences between deploying a FreeBSD-based firewall and a Linux-based firewall. In the second part, we go a bit deeper and discuss how egress filtering is done, and how tables and sets are built.