[Bug 239393] connect(2) returns EACCESS in vnet jail

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jul 23 16:07:47 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239393

--- Comment #3 from Yuri Victorovich <yuri at freebsd.org> ---
(In reply to Kristof Provost from comment #2)

ipfw kernel module is loaded, net.inet.ip.fw.default_to_accept=0, but networking
works on the host. ipfw has default rules:
> $ sudo ipfw list
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 deny ip from any to ::1
> 00500 deny ip from ::1 to any
> 00600 allow ipv6-icmp from :: to ff02::/16
> 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900 allow ipv6-icmp from any to any icmp6types 1
> 01000 allow ipv6-icmp from any to any icmp6types 2,135,136
> 65000 allow ip from any to any
> 65535 deny ip from any to any


Unloading the ipfw module removes "Permission denied" in the vnet jail. It
becomes "Connection refused" on 127.0.0.1, as it should be. The host works the
same with or without ipfw.

Why does the presence of ipfw module cause "Permission denied" in the vnet
jail, while the host functions the same?

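A small probe that reproduces the check this comment describes (an added example, not code from the bug report or from FreeBSD): it connects to a free loopback port and reports whether connect(2) fails with ECONNREFUSED, the expected answer from the TCP stack when nothing listens, or with EACCES, the answer a packet filter such as ipfw gives when it blocks the attempt. Picking the port by binding to port 0 and closing the socket is an assumption of the example.

```c
/* Added reproduction probe; not part of the bug report. Picking a closed
 * loopback port via bind(0)+close is an assumption of this example. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Classify connect(2)'s errno against 127.0.0.1 with no listener:
 * 0 = stack answered with RST (ECONNREFUSED, the expected result),
 * 1 = a packet filter/policy blocked it (EACCES, as seen in the vnet jail
 *     with ipfw loaded), 2 = anything else (worth a separate look). */
int classify_connect_errno(int err)
{
    if (err == ECONNREFUSED) return 0;
    if (err == EACCES) return 1;
    return 2;
}

/* Pick a free loopback TCP port, then connect to it; returns connect()'s
 * errno (0 if it unexpectedly succeeded, -1 if setup failed). */
int probe_loopback_connect(void)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    int s, err;

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = 0;                 /* let the kernel pick a free port */

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, len) < 0 ||
        getsockname(s, (struct sockaddr *)&sin, &len) < 0)
        return -1;
    close(s);                         /* port is released: nothing listens */

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    err = connect(s, (struct sockaddr *)&sin, len) < 0 ? errno : 0;
    close(s);
    return err;
}

int main(void)
{
    int err = probe_loopback_connect();
    printf("connect(127.0.0.1) -> %s (class %d)\n",
           strerror(err), classify_connect_errno(err));
    return 0;
}
```

Run it once on the host and once inside the vnet jail with and without the ipfw module loaded; class 1 in the jail only is the symptom reported here.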