Hi,

There appears to be a loosely documented sysctl
'security.jail.param.ip4.saddrsel' which should limit source IP
selection of jails to their primary jail interface/IP. The sysctl does
not appear to do anything, however:

# sysctl security.jail.param.ip4.saddrsel=0
->
# echo $?
0
# sysctl security.jail.param.ip4.saddrsel
#
# sysctl -d security.jail.param.ip4.saddrsel
security.jail.param.ip4.saddrsel: Do (not) use IPv4 source address selection rather than the primary jail IPv4 address.

Is this tunable only available when VIMAGE jails are built? The
8.1-RELEASE Release Notes suggest it is for VIMAGE jail(8) containers,
while 7.3-RELEASE Release Notes suggest that it is available for the
entire jail(8) subsystem as 'security.jail.ip4_saddrsel', a different OID.

FreeBSD xxxx 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Tue Aug 3 16:24:09 EDT 2010 r...@xxxx:/usr/obj/usr/src/sys/GENERIC amd64

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"