From owner-freebsd-jail@freebsd.org  Sat Nov 28 01:49:27 2015
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 036EFA3B32F
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Sat, 28 Nov 2015 01:49:27 +0000 (UTC)
 (envelope-from allanjude@freebsd.org)
Received: from mx1.scaleengine.net (mx1.scaleengine.net [209.51.186.6])
 by mx1.freebsd.org (Postfix) with ESMTP id D680A18F0
 for <freebsd-jail@freebsd.org>; Sat, 28 Nov 2015 01:49:26 +0000 (UTC)
 (envelope-from allanjude@freebsd.org)
Received: from [10.1.1.2] (unknown [10.1.1.2])
 (Authenticated sender: allanjude.freebsd@scaleengine.com)
 by mx1.scaleengine.net (Postfix) with ESMTPSA id BBDA4DBF5
 for <freebsd-jail@freebsd.org>; Sat, 28 Nov 2015 01:49:19 +0000 (UTC)
Subject: Re: Issue with running 'pkg update' from jails with
 "net.inet.tcp.blackhole=2" sysctl.
To: freebsd-jail@freebsd.org
References: <CADLW+u01U3KaOX11cphg0eFv8Hh-PHHcs7kEkV_ONnj=-Tx7yg@mail.gmail.com>
From: Allan Jude <allanjude@freebsd.org>
Message-ID: <5659082C.7030805@freebsd.org>
Date: Fri, 27 Nov 2015 20:49:32 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <CADLW+u01U3KaOX11cphg0eFv8Hh-PHHcs7kEkV_ONnj=-Tx7yg@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="o6UsfTXE6bHRCk3gPgbcO9gD3HsqO8Rq9"
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Nov 2015 01:49:27 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--o6UsfTXE6bHRCk3gPgbcO9gD3HsqO8Rq9
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 2015-11-27 15:25, Goran Tep=C5=A1i=C4=87 wrote:
> Hi, I just discovered this little sysctl tweak (*net.inet.tcp.blackhole=
=3D2*)
> which from what I understood can help hiding host from network scanners=
 or
> at least slow them down.
>=20
> Everything works just fine except when updating jail (*running pkg
> update / upgrade*) off the host's Nginx instance serving Poudriere-buil=
t
> packages and with this sysctl set, update/upgrade command just hangs, n=
ot
> sure why.
>=20
> Anyone having same issue?
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"=

>=20

If it is connecting to a port that is not open, instead of an error, it
will have to wait 2+ minutes for the connection to timeout.

I am not sure what is happening, but i imagine if you leave it long
enough, something will happen.

--=20
Allan Jude


--o6UsfTXE6bHRCk3gPgbcO9gD3HsqO8Rq9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWWQgvAAoJEBmVNT4SmAt+RaUQANtGDxSTFl+xzcNa+UfUlQSj
e0LUsOnKj0750uVYM8dml2OG1o9VQfxgWBCkl0kS/KRdbjeUQjd2wEJ5Iasz7Agq
XjoIEbOZzw5RqbPY7mEQOrPBP7qMoaKN62Vku+B+ZCgIzFbP7Goi9QNHqqxrZ4Ah
cptxTUrU8pXopdPhGBeNJKyIwd6Da1LlvTHWjEUnpnnoyoi9cFJxd1AcZYA+W75W
3I+AgTG7Q9zJZi+yRXww+IERqgdQ2bV54WVHIK2ndUCpP9WuD8HYVGHiWUYN5cdF
3hab9LKoO6irZykHMG3E8YxOCv9tZ14eQj9BZ2xQeFQzV16JJnLGy/0y+3FJ+UxW
qXl4ezzKBDUd0xV1yeeVCP/lVzhN6qZUfnDbXYeKSKkCLTbvXBdwAqO+b+imoS3v
C/WGKVNkbZJAorWzjjQ4egCcCdD0DAL4LDar6TA2ubdJBjiR2q1ZS/LeTlt5NCZA
8T+rUcZmcYJkL1gzugEE2nI8B94QNk2gfmKJPWaOt9uhVwmie0HZdc2rVTv2bVIC
LhsR6mlbh0TRPFiLj+GLNnJ7bzCmXaeR26UxEC466ng60dZg9cniWr3O1qHsCgVl
8EoFdEqnHMUEmLTZWe/xQ7o9OKouaijH/aUXyTc0wf1pr8Mrzekz2iF84MAxuu8G
qGTwuuIT3PzuOmM1Cspe
=lXmn
-----END PGP SIGNATURE-----

--o6UsfTXE6bHRCk3gPgbcO9gD3HsqO8Rq9--