kern/61483: Jail security is not honored using IP Filter

Pawel Malachowski pawmal-posting at freebsd.lublin.pl
Sat Jan 17 09:30:22 PST 2004


The following reply was made to PR kern/61483; it has been noted by GNATS.

From: Pawel Malachowski <pawmal-posting at freebsd.lublin.pl>
To: Andrew Kolchoogin <andrew at rinet.ru>
Cc: FreeBSD-gnats-submit at freebsd.org
Subject: Re: kern/61483: Jail security is not honored using IP Filter
Date: Sat, 17 Jan 2004 18:25:27 +0100

 On Sat, Jan 17, 2004 at 07:52:18PM +0300, Andrew Kolchoogin wrote:
 
 > >How-To-Repeat:
 >     1) Set up any jail:
 > 
 >         mkdir /usr/jail
 >         cd /usr/src
 >         make buildworld
 >         make DESTDIR=/usr/jail installworld
 >         cd etc
 >         make DESTDIR=/usr/jail distribution
 
 Please show /dev content and consult with jail(8).
 
 >     2) Run shell inside jail:
 > 
 >         jail /usr/jail localhost 127.0.0.1 /bin/tcsh
 > 
 >     3) Start 'ipfstat' command:
 > 
 >         ipfstat -io
 > 
 >     And you will see all of your IP filter rules set up outside jail.
 
 
 -- 
 Pawe³ Ma³achowski
  


More information about the freebsd-bugs mailing list