Hello Peter! Not sure I understand the whole hierarchy and flatness analogy, I'm very new to all of this, but what do I tell those who claim that this leaking of the IP poses a security risk and that they therefore should go with FreeBSD jails instead?
Thanks. Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, February 3, 2020 10:27 AM, Peter J. Philipp <p...@centroid.eu> wrote: > On Mon, Feb 03, 2020 at 10:08:52AM +0000, ratatatah wrote: > > > I've been told IP hiding inside FreeBSD jails is much easier, and that > > potential intruders would only be able to see local IPs. Is there any truth > > to that, and if so, why is this so hard to achieve on OpenBSD? > > Thanks, > > Ratah Tatah > > A jail (which isn't implemented in OpenBSD) is a mechanism where resources > are compartmentalized within it. One such resource is IP addresses. > > You can look at this as a model of hierarchy vs. flatness where jails are > a hierarchy and OpenBSD's resources are flat. > > In OpenBSD all aliases and interfaces are accessible to be read by everyone > who can open a socket. Please see the getifaddrs(3) manpage to see why > > Regards, > -peter
