Date: Sun, 24 Jan 2010 16:05:56 +0000
From: Jase Thew <freebsd@beardz.net>
To: svn-src-all@freebsd.org
Subject: Re: svn commit: r202924 - in stable/7: sys/kern sys/netinet sys/netinet6 sys/sys usr.sbin/jail
Message-ID: <4B5C6FE4.5050306@beardz.net>
In-Reply-To: <201001241405.o0OE5u9m049481@svn.freebsd.org>
References: <201001241405.o0OE5u9m049481@svn.freebsd.org>

On 24/01/2010 14:05, Bjoern A. Zeeb wrote:
> Author: bz
> Date: Sun Jan 24 14:05:56 2010
> New Revision: 202924
> URL: http://svn.freebsd.org/changeset/base/202924
>
> Log:
>   MFC r202468:
>
>   Add security.jail.ip4_saddrsel/ip6_nosaddrsel sysctls to control
>   whether to use source address selection (default) or the primary
>   jail address for unbound outgoing connections.
>
>   This is intended to be used by people upgrading from single-IP
>   jails to multi-IP jails but not having to change firewall rules,
>   application ACLs, ... but to force their connections (unless
>   otherwise changed) to the primary jail IP they had been used for
>   years, as well as for people preferring to implement similar policies.
>
>   Note that for IPv6, if configured incorrectly, this might lead to
>   scope violations, which single-IPv6 jails could as well, as by the
>   design of jails. [1]
>
>   Note that in contrast to FreeBSD 8.x and newer, where we have
>   per-jail options, the sysctls are global for all jails.
>
>   Reviewed by: jamie, hrs (ipv6 part) [for HEAD]
>   Pointed out by: hrs [1]
>   Tested by: Jase Thew (bazerka beardz.net) (IPv4)
>
>   Approved by: re (kib)
>
> Modified:
>   stable/7/sys/kern/kern_jail.c
>   stable/7/sys/netinet/in_pcb.c
>   stable/7/sys/netinet6/in6_src.c
>   stable/7/sys/sys/jail.h
>   stable/7/usr.sbin/jail/jail.8
> Directory Properties:
>   stable/7/sys/ (props changed)
>   stable/7/sys/cddl/contrib/opensolaris/ (props changed)
>   stable/7/sys/contrib/dev/acpica/ (props changed)
>   stable/7/sys/contrib/pf/ (props changed)
>   stable/7/usr.sbin/jail/ (props changed)
>

Many thanks!

Regards,

Jase.