# Necessary to create ezjail IP address in host rc.conf?



## Ed_Flecko (Aug 5, 2015)

I see the man page for `ezjail-admin create` says that both the jailname and IP address are mandatory parameters when creating a new jail. I've seen videos that say that ezjail will create the jail IP alias dynamically on startup, but I've also seen examples of people who pre-create an alias (that they intend on assigning to the jail) within the hosts' rc.conf before even creating their first jail.

Is the IP alias within the rc.conf file necessary or just specify it when the jail is created, like in the man page, i.e.:
`ezjail-admin create example.com 'em0|10.0.0.2'`

Comments?

Ed


----------



## junovitch@ (Aug 6, 2015)

Both methods work.  It's mostly a matter of personal preference.


----------



## Ed_Flecko (Aug 6, 2015)

Thank you.

I guess my confusion lies with the fact that it seems like you're creating unnecessary work by pre-creating the alias entry in your rc.conf file? But I probably also don't completely understand what happens when you create the jail initially and specify the IP address you want? In other words, is the ezjail script(s) essentially creating the same IP alias entry in some file(s) somewhere and that's how the alias stays persistent after booting?

Ed


----------



## wblock@ (Aug 6, 2015)

Someone might want those addresses created to be used in a firewall that starts before the jail itself.


----------



## kpa (Aug 6, 2015)

See this recent thread for a situation where the aliases should be added in /etc/rc.conf:

https://forums.freebsd.org/threads/cannot-parse-pf-new-config-file.52504/

There's no difference otherwise where the aliases are added, ezjail is just running `ifconfig $if $address alias` as part of the jail startup just the same way the rc(8) scripts are.


----------



## Ed_Flecko (Aug 6, 2015)

wblock@ said:


> Someone might want those addresses created to be used in a firewall that starts before the jail itself.



Now that's an interesting thought. I am planning on using PF on this box as well, so maybe manually adding the entry to the hosts' rc.conf file is a good idea? But, even if I do that, you still have to supply the IP address to the `ezjail-admin create` command when creating the jail, right?

Ed


----------



## junovitch@ (Aug 19, 2015)

Ed_Flecko said:


> ...But, even if I do that, you still have to supply the IP address to the `ezjail-admin create` command when creating the jail, right?



Yes.  You still provide the IP address since the jail has to know which address to use.  Just specify it as `ezjail-admin create jail.example.com 10.0.0.2` rather than `ezjail-admin create jail.example.com 'em0|10.0.0.2'` so the jail subsystem won't try to add an IP that already exists or remove the IP upon jail shutdown.


----------

