isc-dhcp3-server in a jail?

David N davidn04 at gmail.com
Tue Jun 5 10:23:14 UTC 2007


On 05/06/07, Paul Fraser <pfraser at gmail.com> wrote:
> On 6/5/07, David N <davidn04 at gmail.com> wrote:
> > To get isc-dhcpd in a jail you need to give the jail access to /dev/bpf0
> >
> > so you have to edit /etc/defaults/devfs.rules
> > add to the end the unhide rules for bpf, e.g.
> > [devfsrules_unhide_bpf=5]
> > add path bpf0 unhide
> >
> > [devfsrules_dhcp_jail=6]
> > add include $devfsrules_hide_all
> > add include $devfsrules_unhide_basic
> > add include $devfsrules_unhide_login
> > add include $devfsrules_unhide_bpf
> >
> > then in your /etc/rc.conf add
> > jail_<jailname>_devfs_ruleset="devfsrules_dhcp_jail"
> >
> > and restart the jail.
>
> Thank you very much David, that's done the trick! I much prefer having
> dhcpd sitting in a jail along with a few other network services.
>
> Cheers,
>
> P.
>
> --
> Regards,
>
> Paul Fraser
> http://furyc0de.net/
>

np, for the life of me I couldn't get isc-dhcpd working in jails at
all without the bpf0. I tried all the jail patches and everything. It's
the only way I found it to work.

But it does mean that if the dhcpd gets compromised, they'll have
control of the bpf0, not really sure what it does though =)

I'm glad it worked out though

Cheers
David N
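
A bpf device gives a process raw read and write access to the host's network interfaces, so it is worth knowing which jails can reach one. The sh script below is an added example, not part of the original thread: it lists the jails whose devfs ruleset unhides a bpf device, directly or through `add include`. It runs on constructed sample files; the `www` jail and `devfsrules_web_jail` are hypothetical, and rulesets referenced by number in rc.conf are not resolved.

```sh
# Print devfs rulesets that unhide a bpf device, directly or via "add include".
rulesets_exposing_bpf() {   # $1 = devfs.rules file
    awk '
    /^\[[A-Za-z0-9_]+=[0-9]+\]/ {              # header: [name=number]
        cur = $0; sub(/^\[/, "", cur); sub(/=.*/, "", cur); order[++n] = cur; next
    }
    $1 == "add" && $2 == "include" {           # add include $other_ruleset
        inc = $3; sub(/^\$/, "", inc); includes[cur] = includes[cur] " " inc; next
    }
    # add path bpf0 unhide (the pattern may carry a leading quote)
    $1 == "add" && $2 == "path" && $3 ~ /^[^a-z]?bpf/ && $4 == "unhide" {
        exposed[cur] = 1
    }
    END {
        do {                                   # propagate through includes
            changed = 0
            for (i = 1; i <= n; i++) {
                if (order[i] in exposed) continue
                m = split(includes[order[i]], inc_list, " ")
                for (j = 1; j <= m; j++)
                    if (inc_list[j] in exposed) { exposed[order[i]] = 1; changed = 1 }
            }
        } while (changed)
        for (i = 1; i <= n; i++) if (order[i] in exposed) print order[i]
    }' "$1"
}

# Print jails in rc.conf whose jail_<name>_devfs_ruleset names such a ruleset.
jails_exposing_bpf() {      # $1 = devfs.rules, $2 = rc.conf
    for rs in $(rulesets_exposing_bpf "$1"); do
        sed -n "s/^jail_\(.*\)_devfs_ruleset=\"$rs\"\$/\1/p" "$2"
    done
}
# Constructed sample: the rules from the post plus a hypothetical second jail.
tmp=$(mktemp -d)
cat > "$tmp/devfs.rules" <<'EOF'
[devfsrules_unhide_bpf=5]
add path bpf0 unhide
[devfsrules_dhcp_jail=6]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_bpf
[devfsrules_web_jail=7]
add include $devfsrules_hide_all
EOF
printf '%s\n' 'jail_dhcp_devfs_ruleset="devfsrules_dhcp_jail"' \
    'jail_www_devfs_ruleset="devfsrules_web_jail"' > "$tmp/rc.conf"
jails_exposing_bpf "$tmp/devfs.rules" "$tmp/rc.conf"   # prints: dhcp
```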

