Hello, This patch is interesting. To my understanding though, ipfw uses RAW sockets to communicate with the kernel. Therefore, it might be possible to edit the ipfw table from within the jail, which may be a bad thing. Just a thought.
Thanks, -- Mooneer Salem GPLTrans: http://www.translator.cx/ lifeafterking.org: http://www.lifeafterking.org/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jared Mauch Sent: Sunday, March 16, 2003 1:14 PM To: [EMAIL PROTECTED] Subject: jail support for ping, traceroute, etc.. crude hack so, i am working on building a "super-server" for me and several friends to collaborate with on the money front to put our machine in a colo location, etc.. and still have good access to networking resources. as a result, i needed to modify the FreeBSD kernel such that it will allow us to use ping, traceroute and other tools. obviously we know there will be some underlying security issues associated but we are sophisticated to understand the nature of these and they are an 'acceptable' situation. my diffs are available at http://puck.nether.net/~jared/fbsd-4.8-rc1-diff-jail-raw_ip.txt and are against the 4.8-rc1 /usr/src/sys tree yeah, they're crude but it gets the desired job done. there is a sysctl to control it, so if its not the desired operation it can be easily tweaked. send me comments. enjoy, - jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
