Date: Tue, 18 Sep 2001 15:32:38 -0400 (EDT)
From: project10
To: Andrew Penniman
Subject: Re: ipfw in a jail-centric environment?
Sender: owner-freebsd-security@FreeBSD.ORG

Andrew,

You have to do packet filtering on the host system, the jails do not allow (by default, changing it would be a very bad idea) rulesets to be changed from within a jail. I know this holds true for ipfw, I don't know about packet filters such as ipf. Natd isn't required.

-Shawn

On Tue, 18 Sep 2001, Andrew Penniman wrote:

> I'm playing with jails for the first time and am not sure how to handle packet filtering in this scenario.
>
> Should the host and jail environments each handle their own packet filtering or is all filtering handled by the host? Is natd required?
>
> I have tried to locate information on this subject but haven't found anything useful....
>
> Thanks much,
> Andrew Penniman
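
Host-side filtering for jail addresses, as described in the reply above, sketched as an added example that is not part of the original thread. The jail names, the 192.0.2.x addresses, the port lists, the rule numbers and the function names are all assumptions made for illustration; the script only prints ipfw commands for review and does not apply them.

```shell
#!/bin/sh
# Added example: generate host-side ipfw rules for jail addresses.
# Run on the HOST; per the thread, rulesets cannot be changed from inside a jail.
# Jail names, addresses (RFC 5737 range) and ports below are constructed.
JAILS='www 192.0.2.10 80,443
mail 192.0.2.11 25'

# Print the rules for one jail address, starting at rule number $1.
jail_rules() {
    n=$1 addr=$2 plist=$3
    # Refuse anything that is not a plain number, dotted address or port list,
    # since the output is meant to be executed as root.
    case $n in *[!0-9]*|'') echo "bad rule number: $n" >&2; return 1 ;; esac
    case $addr in *[!0-9.]*|'') echo "bad address: $addr" >&2; return 1 ;; esac
    case $plist in *[!0-9,]*|'') echo "bad port list: $plist" >&2; return 1 ;; esac
    # Packets of TCP connections that are already set up, both directions.
    echo "ipfw add $n allow tcp from any to $addr established"
    echo "ipfw add $((n + 10)) allow tcp from $addr to any established"
    # New inbound connections only to the services this jail offers.
    echo "ipfw add $((n + 20)) allow tcp from any to $addr $plist setup"
    # New outbound TCP connections started by the jail.
    echo "ipfw add $((n + 30)) allow tcp from $addr to any setup"
    # Everything else for this address is dropped (UDP and ICMP included).
    echo "ipfw add $((n + 40)) deny ip from any to $addr"
    echo "ipfw add $((n + 50)) deny ip from $addr to any"
}

# Walk the JAILS table, giving each jail its own block of 100 rule numbers.
build_ruleset() {
    base=1000
    printf '%s\n' "$JAILS" | while read -r name ip ports; do
        [ -n "$name" ] || continue
        echo "# jail: $name"
        jail_rules "$base" "$ip" "$ports" || exit 1
        base=$((base + 100))
    done
}

# Dry run: print the commands for review instead of executing them.
build_ruleset
```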