On 05/06/07, Paul Fraser <[EMAIL PROTECTED]> wrote:
On 6/5/07, David N <[EMAIL PROTECTED]> wrote:
> To get isc-dhcpd in a jail you need to give the jail access to /dev/bpf0
> so you have to edit /etc/defaults/devfs.rules
> add to the end the unhide rules for bpf eg.
> [devfsrules_unhide_bpf=5]
> add path bpf0 unhide
> [devfsrules_dhcp_jail=6]
> add include $devfsrules_hide_all
> add include $devfsrules_unhide_basic
> add include $devfsrules_unhide_login
> add include $devfsrules_unhide_bpf
> then in your /etc/rc.conf add
> jail_<jailname>_defs_ruleset="devfsrules_dhcp_jail"
> and restart the jail.

Thank you very much David, that's done the trick! I much prefer having
dhcpd sitting in a jail along with a few other network services.




Paul Fraser

np, for the life of me i couldn't get isc-dhcpd working in jails at
all without the bpf0. I tried all the jail patches and everything. Its
the only way i found it to work.

But it does mean that if the dhcpd gets compromised, they'll have
control of the bpf0, not really sure what it does though =)

I'm glad it worked out though

David N
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to