On Wed, 24 Nov 2010, Steve Polyack wrote:
> Hi,
> There appears to be a loosely documented sysctl
> 'security.jail.param.ip4.saddrsel' which should limit source IP selection of
> jails to their primary jail interface/IP. The sysctl does not appear to do
> anything, however:
> # sysctl security.jail.param.ip4.saddrsel=0
> -
> # echo $?
> 0
> # sysctl security.jail.param.ip4.saddrsel
> #
> # sysctl -d security.jail.param.ip4.saddrsel
> security.jail.param.ip4.saddrsel: Do (not) use IPv4 source address selection
> rather than the primary jail IPv4 address.
> Is this tunable only available when VIMAGE jails are built? The 8.1-RELEASE
> Release Notes suggest it is for VIMAGE jail(8) containers, while 7.3-RELEASE
> Release Notes suggest that it is available for the entire jail(8) subsystem
> as 'security.jail.ip4_saddrsel', a different OID.

Don't use the sysctl; the param tree only tells you which options are
available; ip4.saddrsel is an option to the jail -c|-m command.
/bz
--
Bjoern A. Zeeb Welcome a new stage of life.
<ks> Going to jail sucks -- <bz> All my daemons like it!
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html
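
Added example, not part of the original thread: a shell sketch of the reply's point that ip4.saddrsel is set per jail with `jail -m` and read back with `jls`, plus an audit of which jails still have source address selection on. The jail names, addresses and the `SAMPLE` lines are constructed; `ip4.nosaddrsel` is the "no"-prefixed boolean spelling from jail(8).

```shell
#!/bin/sh
# Added example, not from the thread. Jail names, addresses and SAMPLE are constructed.

# saddrsel_state LINE: classify one line of `jls -n` output.
# jls -n prints boolean parameters by name, with a "no" prefix when off;
# the =1/=0 spellings are accepted defensively.
saddrsel_state() {
    for tok in $1; do
        case "$tok" in
            ip4.saddrsel|ip4.saddrsel=1)   echo enabled;  return 0 ;;
            ip4.nosaddrsel|ip4.saddrsel=0) echo disabled; return 0 ;;
        esac
    done
    echo unknown
}

# jail_name LINE: extract the name= value from the same line.
jail_name() {
    for tok in $1; do
        case "$tok" in name=*) echo "${tok#name=}"; return 0 ;; esac
    done
    return 1
}

# audit_saddrsel: read `jls -n` lines on stdin and print the names of
# jails that do not have source address selection disabled.
audit_saddrsel() {
    while IFS= read -r line; do
        [ "$(saddrsel_state "$line")" = disabled ] || jail_name "$line"
    done
}

# pin_source_addr JAIL: set the parameter on a running jail with jail -m
# (it is a jail parameter, not a writable sysctl), then confirm from jls.
# Needs root on a FreeBSD host.
pin_source_addr() {
    jail -m name="$1" ip4.nosaddrsel || return 1
    [ "$(saddrsel_state "$(jls -n -j "$1")")" = disabled ]
}

SAMPLE='jid=1 name=www ip4.addr=192.0.2.10,192.0.2.11 ip4.saddrsel
jid=2 name=db ip4.addr=192.0.2.20 ip4.nosaddrsel'

# On FreeBSD audit the live jails, elsewhere the constructed sample.
if [ "$(uname -s)" = FreeBSD ]; then jls -n | audit_saddrsel
else printf '%s\n' "$SAMPLE" | audit_saddrsel; fi
```
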