Re: Exposing default route(s) to "inherit" jails
- In reply to: Andrea Cocito : "Re: Exposing default route(s) to "inherit" jails"
Date: Sat, 01 Nov 2025 18:51:14 UTC
On 1.11.2025 at 17:08, Andrea Cocito wrote:
> On 1 Nov 2025, at 07:59, Andrea Cocito <andrea@cocito.eu> wrote:
>> Setting net.route.inherit_jail_default_routes=1 makes the default routes visible to “inherit” jails, leaving it at the default (0) keeps the known and current behaviour.
> Addenda:
>
> “net.route.inherit_jail_default_routes” is just terribly ugly, suggestions about how to name it and where to put it are welcome.
>
> The “thing” that I need to run in the jails is nmap but, as said, “not having a default route” messes up several things.
>
> All the best,
>
> A.
>

Hello Andrea,

that’s an interesting patch, but you might not need it anymore, since the "allow.routing" jail permission flag has been available since commit [1]. It's supposed to work in FreeBSD 14.3-RELEASE and in the upcoming 15.0-RELEASE. You can find more details and background about its introduction on Phabricator [2].

It might still be worthwhile to implement read-only access to the routing table for jails, rather than providing full read-write permissions.

1. https://github.com/freebsd/freebsd-src/commit/3a53fe2cc4b7076003163376a7db65e432f6283e
2. https://reviews.freebsd.org/D49843

Cheers
Marek