kern/61483: Jail security is not honored using IP Filter
Pawel Malachowski
pawmal-posting at freebsd.lublin.pl
Sat Jan 17 09:30:22 PST 2004
The following reply was made to PR kern/61483; it has been noted by GNATS.
From: Pawel Malachowski <pawmal-posting at freebsd.lublin.pl>
To: Andrew Kolchoogin <andrew at rinet.ru>
Cc: FreeBSD-gnats-submit at freebsd.org
Subject: Re: kern/61483: Jail security is not honored using IP Filter
Date: Sat, 17 Jan 2004 18:25:27 +0100
On Sat, Jan 17, 2004 at 07:52:18PM +0300, Andrew Kolchoogin wrote:
> >How-To-Repeat:
> 1) Set up any jail:
>
> mkdir /usr/jail
> cd /usr/src
> make buildworld
> make DESTDIR=/usr/jail installworld
> cd etc
> make DESTDIR=/usr/jail distribution
Please show /dev content and consult with jail(8).
> 2) Run shell inside jail:
>
> jail /usr/jail localhost 127.0.0.1 /bin/tcsh
>
> 3) Start 'ipfstat' command:
>
> ipfstat -io
>
> And you will see all of your IP filter rules set up outside jail.
--
Pawe³ Ma³achowski
More information about the freebsd-bugs
mailing list