https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289234
Bug ID: 289234
Summary: pfctl -s all in a jail does not show pf information any more (regression?)
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Hello,
Wondering why blacklistd(8) does not block ports in a jail anymore,
I noticed that pfctl -s all does not show any pf information.
With yesterday's CURRENT (host and jail) it shows in a jail:
$ pfctl -s all
pfctl: DIOCGETRULES: Operation not permitted
INFO:
Status: Disabled Debug: None
State Table Total Rate
current entries 0
Counters
pfctl: Operation not permitted
TIMEOUTS:
pfctl: DIOCGETTIMEOUT: Operation not permitted
while it shows full information when executed on the host.
git bisect reveals that the first commit which reduced the pf information in a
jail is
pf: mark netlink commands as requiring NETINET_PF privileges
https://cgit.freebsd.org/src/commit/?id=e774c1ef27bc2883e05fcd26b5bbf775fdfe3e10
It looks like pf is not accessible by a jail any more and so blacklistd cannot
block ports from within a jail.
Ralf
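A small check script, added here as an example and not part of the bug report or of FreeBSD's own code: it parses pfctl(8) output for "Operation not permitted" failures and names the denied ioctls, so a monitoring job inside a jail can tell that pf (and therefore blacklistd's pf backend) is not usable there. The embedded sample output is constructed from the session quoted above and is only used when pfctl is not on the PATH.

```shell
#!/bin/sh
# Added example: detect pf ioctls denied inside a jail from pfctl(8) output.

# Constructed sample, copied from the jail session in the report; used as a
# fallback so the parser can be exercised on a machine without pfctl.
SAMPLE_PFCTL_OUTPUT='pfctl: DIOCGETRULES: Operation not permitted
INFO:
Status: Disabled Debug: None
State Table Total Rate
current entries 0
Counters
pfctl: Operation not permitted
TIMEOUTS:
pfctl: DIOCGETTIMEOUT: Operation not permitted'

# Read pfctl output on stdin; print one denied ioctl name per line.
# "pfctl: DIOCxxx: Operation not permitted" names the ioctl; the bare
# "pfctl: Operation not permitted" form (the counters query) is reported
# as UNKNOWN because pfctl does not name the ioctl there.
pf_denied_ioctls() {
    awk '/Operation not permitted/ {
        if ($2 ~ /^DIOC/) { sub(/:$/, "", $2); print $2 }
        else print "UNKNOWN"
    }'
}

# Number of denied queries on stdin; 0 means pf answered everything.
pf_denied_count() {
    pf_denied_ioctls | wc -l | tr -d ' '
}

# Run pfctl -s all if available (e.g. inside the jail), otherwise fall back
# to the constructed sample. Exit status 1 means pf is not reachable.
check_pf_access() {
    if command -v pfctl >/dev/null 2>&1; then
        out=$(pfctl -s all 2>&1)
    else
        out=$SAMPLE_PFCTL_OUTPUT
    fi
    n=$(printf '%s\n' "$out" | pf_denied_count)
    if [ "$n" -eq 0 ]; then
        echo "pf reachable: all queries answered"
        return 0
    fi
    echo "pf NOT reachable: $n queries denied:"
    printf '%s\n' "$out" | pf_denied_ioctls | sed 's/^/  /'
    return 1
}
```

Run `check_pf_access` from inside the jail and on the host; a non-zero status in the jail only reproduces the symptom described above.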