Date: Tue, 18 Sep 2001 15:32:38 -0400 (EDT) From: project10 <project10@alpha.focalnetworks.net> To: Andrew Penniman <apenniman@adelphia.net> Cc: <freebsd-security@freebsd.org> Subject: Re: ipfw in a jail-centric environment? Message-ID: <20010918153120.O83149-100000@alpha.focalnetworks.net> In-Reply-To: <003701c14069$bb1d2e00$7811a8c0@GANDALF>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrew, You have to do packet filtering on the host system, the jails do not allow (by default, changing it would be a very bad idea) rulesets to be changed from within a jail. I know this holds true for ipfw, I don't know about packet filters such as ipf. Natd isn't required. -Shawn On Tue, 18 Sep 2001, Andrew Penniman wrote: > I'm playing with jails for the first time and am not sure how to handle packet filtering in this scenario. > > Should the host and jail environments each handle their own packet filtering or is all filtering handled by the host? Is natd required? > > I have tried to locate information on this subject but haven't found anything useful.... > > Thanks much, > Andrew Penniman > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010918153120.O83149-100000>