Anyone interested in jail patches?
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Sat Nov 29 09:05:08 PST 2008
On Thu, 27 Nov 2008, Frank Behrens wrote:
> On the other side I still read in the patched jail(2) man page:
> "Similarly, it might be a good idea to add an address alias flag such
> that daemons listening on all IPs (INADDR_ANY) will not bind on that
> address...". Can you explain the current behaviour?
I think this question is related to your PR kern/84215.
The current situation is: jails take precendence. So if sshd is
listening on inaddr_any on the host and on inaddr_any inside a jail
the connection to an IP belonging to a jail will end up inside the
jail; any connections to IPs not beloning to jails will end up on the
Obviously if you stop the jail and ssh to a former jail IP you'll end
up on the bsae system and ssh would complain about different keys
possibly while telnet or similar things won't notice.
Bjoern A. Zeeb Stop bit received. Insert coin for new game.
More information about the freebsd-jail