Date: Sat, 1 Nov 2025 19:51:14 +0100
From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To: Andrea Cocito <andrea@cocito.eu>, freebsd-hackers@freebsd.org
Subject: Re: Exposing default route(s) to "inherit" jails
Message-ID: <11798f26-dd39-4ed0-aecf-3b0b8ada416d@plan-b.pwste.edu.pl>
In-Reply-To: <1E561656-BB3E-4FE3-88B4-6D701C748571@cocito.eu>
References: <867AD117-5557-4BB8-8976-DBF56BBD8FF1@cocito.eu> <1E561656-BB3E-4FE3-88B4-6D701C748571@cocito.eu>
On 1.11.2025 at 17:08, Andrea Cocito wrote:
> On 1 Nov 2025, at 07:59, Andrea Cocito <andrea@cocito.eu> wrote:
>> Setting net.route.inherit_jail_default_routes=1 makes the default routes visible to “inherit” jails, leaving it at the default (0) keeps the known and current behaviour.
> Addenda:
>
> “net.route.inherit_jail_default_routes” is just terribly ugly, suggestions about how to name it and where to put it are welcome.
>
> The “thing” that I need to run in the jails is nmap but, as said, “not having a default route” messes up several things.
>
> All the best,
>
> A.
>

Hello Andrea,

that’s an interesting patch, but you might not need it anymore, since the "allow.routing" jail permission flag has been available since commit [1]. It's supposed to work in FreeBSD 14.3-RELEASE and in the upcoming 15.0-RELEASE. You can find more details and background about its introduction on Phabricator [2].

It might still be worthwhile to implement read-only access to the routing table for jails, rather than providing full read-write permissions.

1. https://github.com/freebsd/freebsd-src/commit/3a53fe2cc4b7076003163376a7db65e432f6283e
2. https://reviews.freebsd.org/D49843

Cheers

Marek
