Hello, It involves allowing all applications inside the jail access to raw sockets. Raw sockets are also responsible for ipfw and other services; therefore, it may be prudent to add separate sysctl settings allowing/denying access to those. I have a patch that does allow raw sockets and allows people inside a jail to add ipfw rules for their own IP address(es), among other things. See http://msalem.translator.cx/dist/jail_separation.v7.patch (for 5.0-RELEASE). :)
Thanks, -- Mooneer Salem GPLTrans: http://www.translator.cx/ lifeafterking.org: http://www.lifeafterking.org/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alexandr Kovalenko Sent: Friday, May 30, 2003 7:36 AM To: [EMAIL PROTECTED] Subject: jail && (ping && traceroute) [Please Cc: me on reply] Hello, I have 2 questions: - where in code should I search for icmp socket binding prohibition in jail?; - what bad consequences will appear if I remove those checks and prohibition?. Thanks in advance! -- NEVE-RIPE, will build world for food Ukrainian FreeBSD User Group http://uafug.org.ua/ _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
