Script to create epair interfaces for my FreeBSD jails
The way I understand the jib script (/usr/share/examples/jails/jib) is that it requires a physical interface to bind the bridge to.
That does not work for me as I only have one physical interface and want to use bridges that are completely isolated.
Lucas' solution in FreeBSD Mastery: Jails (p. 165) is to create a second loopback interface using:
cloned_interfaces = "lo1"
Alas, this did not work for me (12.0-RELEASE), and it did not work for others either (Marko Zec, 2016): "if_bridge(4) works only with ethernet interfaces, and lo(4) isn't such a thing". This, added to the fact that I don't understand a thing of the script and that my bash-fu is not that great, made me decide to write my own script after figuring out how to make it work.
The install file assumes scripts are to be installed in /usr/local/bin/ and creates a symlink to that directory. Possibly this needs to be done as root.
First, create the bridges yourself, e.g. by putting the following lines in /etc/rc.conf (the _name lines give the bridges stable, descriptive names that the jail definitions below refer to):
cloned_interfaces="bridge0 bridge1"
ifconfig_bridge0_name="b0_wan"
ifconfig_bridge1_name="b1_dmz"
Next, assuming /usr/local/scripts/ is in the PATH, you can define a jail in /etc/jail.conf as follows ($name is expanded by jail(8) to the jail's name):
XXX {
vnet;
vnet.interface = e0a_b0_wan_$name, e0a_b1_dmz_$name;
exec.prestart = "ep create $name b0_wan b1_dmz";
exec.poststop = "ep destroy $name b0_wan b1_dmz";
}
Enjoy.
tom:ep-jails/ (master) $ ./ep.py -h
usage: ep.py [-h] [-v] [-a ASIDE] {create,destroy} ...
Create and destroy epair interfaces for jails.
optional arguments:
-h, --help show this help message and exit
-v, --verbose Increase the verbosity level by adding this argument
multiple times.
-a ASIDE, --aside ASIDE
Use the 'A' side of the epair instead of the default
'B' pair.
Commands:
{create,destroy}
create Create epair interfaces for the given jail.
destroy Destroy the epair interfaces for the given jail.
tom:ep-jails/ (master) $
The script needs error checking, e.g.:
- Check whether the interfaces already exist before trying to create or delete them.
- Check for the maximum length of interface names (IFNAMSIZ, which is 16 including the terminating '\0', so 15 usable characters -- source). With the e0a_b0_wan_ prefix used above that leaves only four characters for the jail name.
- Catch and handle Exceptions.
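What `ep create` / `ep destroy` have to do for the jail definition above, written out together with the three checks from the TODO list. This is an added example, not the ep.py from this repository. It assumes the naming from the jail.conf above for the jail end (e0a_<bridge>_<jail>) and, as an assumption of this example only, e0b_<bridge>_<jail> for the host end, which is the one added to the bridge. It takes a `run` callback so the same code can be dry-run without touching ifconfig; the only ifconfig operations it relies on are `epair create`, `name`, `addm`, `up`, `destroy` and `-l`.

```python
#!/usr/bin/env python3
"""Added example: create/destroy one epair per bridge for a VNET jail.

Not the ep.py from this repository; an independent sketch of the same
procedure with the existence, name-length and error checks the TODO list
asks for. Assumed naming: jail end e0a_<bridge>_<jail>, host end
e0b_<bridge>_<jail> (the host end is the bridge member).
"""
import subprocess
import sys

IFNAMSIZ = 16  # sys/net/if.h: a name may have at most IFNAMSIZ-1 characters


def ifname(side, bridge, jail):
    """Build the name of one epair end; refuse it if it would not fit in IFNAMSIZ."""
    name = f"e0{side}_{bridge}_{jail}"
    if len(name) > IFNAMSIZ - 1:
        raise ValueError(f"{name}: {len(name)} chars, max is {IFNAMSIZ - 1}")
    return name


def host_ifaces(run):
    """Interface names the host currently knows, from `ifconfig -l`."""
    return set(run(["ifconfig", "-l"]).split())


def create(jail, bridges, run):
    """Create and wire up one epair per bridge. Returns the jail-side names."""
    existing = host_ifaces(run)
    jail_side = []
    for bridge in bridges:
        a_name, b_name = ifname("a", bridge, jail), ifname("b", bridge, jail)
        if bridge not in existing:
            raise RuntimeError(f"bridge {bridge} does not exist; create it in rc.conf first")
        if a_name in existing or b_name in existing:
            raise RuntimeError(f"{a_name}/{b_name} already exist; refusing to recreate")
        # `ifconfig epair create` prints the A end it made, e.g. "epair0a";
        # the matching B end has the same name with a trailing "b".
        a_tmp = run(["ifconfig", "epair", "create"]).strip()
        if not (a_tmp.startswith("epair") and a_tmp.endswith("a")):
            raise RuntimeError(f"unexpected name from epair create: {a_tmp!r}")
        b_tmp = a_tmp[:-1] + "b"
        run(["ifconfig", a_tmp, "name", a_name])   # jail(8) moves this end into the jail
        run(["ifconfig", b_tmp, "name", b_name])
        run(["ifconfig", bridge, "addm", b_name])  # host end joins the bridge
        run(["ifconfig", b_name, "up"])
        existing.update({a_name, b_name})
        jail_side.append(a_name)
    return jail_side


def destroy(jail, bridges, run):
    """Tear the pairs down. Destroying either end of an epair removes both;
    the host end is used because it never left the host's vnet."""
    existing = host_ifaces(run)
    gone = []
    for bridge in bridges:
        b_name = ifname("b", bridge, jail)
        if b_name not in existing:
            continue  # already gone: destroy is idempotent
        run(["ifconfig", b_name, "destroy"])
        gone.append(b_name)
    return gone


def shell_run(argv):
    """Real runner: execute the command and return its stdout; raises on failure."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


class DryRun:
    """Recording runner for --dry-run and testing: nothing is executed.
    `ifaces` is a constructed list of the names it pretends the host has."""

    def __init__(self, ifaces):
        self.ifaces, self.calls, self.n = set(ifaces), [], 0

    def __call__(self, argv):
        self.calls.append(" ".join(argv))
        if argv == ["ifconfig", "-l"]:
            return " ".join(sorted(self.ifaces))
        if argv[1:] == ["epair", "create"]:
            self.n += 1
            return f"epair{self.n - 1}a\n"
        return ""


if __name__ == "__main__":
    # usage: ep-example.py [--dry-run] create|destroy JAIL BRIDGE...
    args = [a for a in sys.argv[1:] if a != "--dry-run"]
    if len(args) < 3 or args[0] not in ("create", "destroy"):
        sys.exit("usage: ep-example.py [--dry-run] create|destroy JAIL BRIDGE...")
    dry = "--dry-run" in sys.argv
    run = DryRun(["lo0", "b0_wan", "b1_dmz"]) if dry else shell_run  # constructed host list
    print({"create": create, "destroy": destroy}[args[0]](args[1], args[2:], run))
    if dry:
        print("\n".join(run.calls))
```

`./ep-example.py --dry-run create www b0_wan b1_dmz` prints the ifconfig calls that would be made without changing the system. Note that the prefix e0a_b0_wan_ is already 11 characters, so with this naming scheme any jail name longer than four characters trips the IFNAMSIZ check; a shorter prefix or a different layout is needed for longer jail names.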