On 05/06/07, Paul Fraser <[EMAIL PROTECTED]> wrote:
On 6/5/07, David N <[EMAIL PROTECTED]> wrote:
> To get isc-dhcpd in a jail you need to give the jail access to /dev/bpf0
>
> so you have to edit /etc/defaults/devfs.rules
> add to the end the unhide rules for bpf eg.
> [devfsrules_unhide_bpf=5]
> add path bpf0 unhide
>
> [devfsrules_dhcp_jail=6]
> add include $devfsrules_hide_all
> add include $devfsrules_unhide_basic
> add include $devfsrules_unhide_login
> add include $devfsrules_unhide_bpf
>
> then in your /etc/rc.conf add
> jail_<jailname>_defs_ruleset="devfsrules_dhcp_jail"
>
> and restart the jail.

Thank you very much David, that's done the trick! I much prefer having
dhcpd sitting in a jail along with a few other network services.

Cheers,

P.

--
Regards,

Paul Fraser
http://furyc0de.net/


np, for the life of me i couldn't get isc-dhcpd working in jails at
all without the bpf0. I tried all the jail patches and everything. Its
the only way i found it to work.

But it does mean that if the dhcpd gets compromised, they'll have
control of the bpf0, not really sure what it does though =)

I'm glad it worked out though

Cheers
David N
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to