I'm trying to learn jails and there is one concept that I can't manage
to understand.

On the host server (, I've created a jail called mail
( by following the jails(8) manpage. For the moment this
jail only runs sshd.

In my rc.conf I've configured an IP alias on my single Ethernet card.
Now I would like to configure PF to block all connections to my jail and
pass only ssh from a specific IP address.

My first thought was to configure PF on the server, but in this case PF
doesn't seem to see the packets addressed to my jail.

As a second try, I'd like to configure PF on the jail, but I didn't find
the correct way to do it.

Can you explain to me how I can do this, or point me to documentation on
jails that doesn't forget the network configuration?

Marc Carmier
