Write ipfw rules for FreeBSD host and vnet jail servers

Write ipfw rules for FreeBSD host and vnet jail servers : Web --- Router ---- em0 Host vswitch0 ------------- zjail00 (Mongrel2 server) | |------- zjail01 (Brubeck web python framework) | |------- zjail02 (Mongo DB) | |vswitch1 ------------- zjail10 (Mongrel2 server) |------- zjail11 (Special Application) |------- zjail12 (Mongo DB) Inputs : 001) Existing host & jail /etc/[login to view URL] and all information requested 002) Network architecture (as above) Implementation requirements / constraints : 010) FreeBSD 9.1 full ZFS 020) jails being zfs jails using zjails ([login to view URL]) 030) ipfw, dummynet 040) ipban 050) ZeroMQ IPC Functional requirements : 100) secured firewalling for the services above 101) zjail00 supports HTTP, HTTPS, SSH, file download for installation on any os client 102) zjail0x shall don't know zjail1x ip addresses 103) feed fail2ban 104) dummynet optimisations 110) MongoDB master/slave replication with QoS 120) Access to zjail1x from a white list provided by zjail01 121) IPC between a white listed web client to zjail11 Contractual condition : 200) Provide a ipfw example that provides access to the web from a vnet zjail. Say, on host, nic=em0, ip=[login to view URL], gateway=[login to view URL], vswitch2 ip=[login to view URL], jail ip=[login to view URL], jail default router=[login to view URL] 201) Provide FreeBSD / ipfw / dummynet / jails records