# Jail and Firewalls



## fred974 (May 13, 2013)

Hello everyone 

I understand that if you have servers running in a jail, it is not possible to set pfSense inside the jails. Instead, I have to do it on the host. Is my understanding correct?

I have a DB and file server that require different rules. Therefore how do I go about it?

Do I need to visualized my servers with something like Xen to split the servers and applied the firewall?

Thank you all in advance.

Fred


----------



## _martin (May 13, 2013)

Hi, 

I was facing the same issue you're talking about. One option is to use VIMAGE - but it was not stable. It was back in 8.x (or 7.x? I can't remember) and it was not possible to use with PF. Project did mature, maybe it's worth checking it again. 

My solution was to install another FreeBSD in VirtualBox. Not nice, but it serves its purpose (separate IP, rules, accounting, etc.).


----------



## SirDice (May 13, 2013)

fred974 said:
			
		

> I have a DB and file server that require different rules. Therefore how do I go about it?


I don't see what the problem is. Just firewall specific IP addresses with specific rules. Imagine the host to be a firewall and the two jails as two separate physical machines. How would you firewall that?


----------



## kpa (May 13, 2013)

You should be able to filter the jail traffic with specific rules for the jail and have different a policy for the traffic of the host system. If you could elaborate a bit more of what you're trying to achieve we could maybe offer more specific advice.


----------



## fred974 (May 13, 2013)

Hi @SirDice,

When you put it that way, I guess it makes sense. I guess its because I didn't know that I could have a firewall with different rules based on IP addresses.

Thank you you very much.

This forum is very good at supporting newbies like me


----------

