diff --git a/net/containernetworking-plugins/pkg-message b/net/containernetworking-plugins/pkg-message
index 32b0f5b9dde1..47db23aecfd1 100644
--- a/net/containernetworking-plugins/pkg-message
+++ b/net/containernetworking-plugins/pkg-message
@@ -1,10 +1,30 @@
 Container networking relies on NAT to allow container network packets out to the host's network. This requires a PF firewall to perform the translation. A simple example is included - to use it: # cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf ... Edit /etc/pf.conf and set v4egress_if, v6egress_if to your network interface(s)s ... # sysrc pf_enable=YES # service pf start
+
+The sample PF configuration includes support for port redirections. These are
+implemented as redirect rules in anchors nested under cni-rdr.
+
+Support for redirecting connections from the container host to services running
+inside a container is included for FreeBSD 13.3 and later. To enable this, first
+load the pf kernel module, by adding pf_load="YES" to /boot/loader.conf and
+enable PF support for these redirections using sysctl:
+
+# kldload pf
+# sysctl net.pf.filter_local=1
+# service pf restart
+
+These redirect rules do not currently work if the destination address is
+localhost (e.g. 127.0.0.1 or ::1) - always use the hosts IP address when
+connecting to a service inside a container using a port redirection. For example
+if host port 1234 is redirected to an http service running in a container, you
+could connect to it using:
+
+# fetch -o- http://$(hostname):1234
diff --git a/sysutils/podman-suite/Makefile b/sysutils/podman-suite/Makefile
index 2b9c01cd67ea..173c4b64cfd8 100644
--- a/sysutils/podman-suite/Makefile
+++ b/sysutils/podman-suite/Makefile
@@ -1,21 +1,21 @@
 PORTNAME= podman-suite
-PORTVERSION= 20230721
+PORTVERSION= 20230817
 CATEGORIES= sysutils
 MAINTAINER= dfr@FreeBSD.org
 COMMENT= Metaport of podman and buildah toolkit
 WWW= https://podman.io/
 USES= metaport
 RUN_DEPENDS= buildah>=0:sysutils/buildah \
 podman>=0:sysutils/podman \
 skopeo>=0:sysutils/skopeo
 .include
 .if ${OPSYS} != FreeBSD
 IGNORE= not supported for this configuration
 .endif
 .include