Date:      Tue, 23 Jul 2019 16:07:46 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 239393] connect(2) returns EACCESS in vnet jail
Message-ID:  <bug-239393-227-aRHlNTGuAr@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-239393-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-239393-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239393

--- Comment #3 from Yuri Victorovich <yuri@freebsd.org> ---
(In reply to Kristof Provost from comment #2)

ipfw kernel module is loaded, net.inet.ip.fw.default_to_accept=0, but networking
works on the host. ipfw has default rules:
> $ sudo ipfw list
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 deny ip from any to ::1
> 00500 deny ip from ::1 to any
> 00600 allow ipv6-icmp from :: to ff02::/16
> 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900 allow ipv6-icmp from any to any icmp6types 1
> 01000 allow ipv6-icmp from any to any icmp6types 2,135,136
> 65000 allow ip from any to any
> 65535 deny ip from any to any


Unloading the ipfw module removes "Permission denied" in the vnet jail. It
becomes "Connection refused" on 127.0.0.1, as it should be. The host works the
same with or without ipfw.

Why does the presence of ipfw module cause "Permission denied" in the vnet
jail, while the host functions the same?
