pf ruleset modify from jail
Max Laier
max at love2party.net
Tue Sep 6 07:50:47 PDT 2005
On Tuesday 06 September 2005 13:52, Szukács István wrote:
> The problem is that inside the jail the root has access to pf(the
> outside system's pf), and can read/write the ruleset.
> How can i protect it?
You can use devfs rulesets to hide /dev/pf from the jail's devfs. See
devfs(8) for more details.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20050906/d7112867/attachment.bin
More information about the freebsd-pf
mailing list