pf ruleset modify from jail

Max Laier max at
Tue Sep 6 07:50:47 PDT 2005

On Tuesday 06 September 2005 13:52, Szukács István wrote:
> The problem is that inside the jail the root has access to pf(the
> outside system's pf), and can read/write the ruleset.
> How can i protect it?

You can use devfs rulesets to hide /dev/pf from the jail's devfs.  See 
devfs(8) for more details.

/"\  Best regards,                      | mlaier at
\ /  Max Laier                          | ICQ #67774661
 X  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-pf mailing list