Date: Mon, 01 Sep 2025 14:08:11 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 289234] pfctl -s all in a jail does not show pf information any more (regression?)
Message-ID: <bug-289234-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289234

            Bug ID: 289234
           Summary: pfctl -s all in a jail does not show pf information any more (regression?)
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: rz-rpi03@h-ka.de

Hello,

wondering why blacklistd(8) does not block ports in a jail anymore, I noticed
that pfctl -s all does not show any pf information.

With yesterday's CURRENT (host and jail) it shows in a jail

$ pfctl -s all
pfctl: DIOCGETRULES: Operation not permitted
INFO:
Status: Disabled    Debug: None
State Table         Total    Rate
  current entries   0
Counters
pfctl: Operation not permitted
TIMEOUTS:
pfctl: DIOCGETTIMEOUT: Operation not permitted

while it shows full information when executed at the host.

git bisect reveals that the first commit which reduced the pf information in
a jail is

pf: mark netlink commands as requiring NETINET_PF privileges
https://cgit.freebsd.org/src/commit/?id=e774c1ef27bc2883e05fcd26b5bbf775fdfe3e10

It looks like pf is not accessible by a jail any more and so blacklistd
cannot block ports from within a jail.

Ralf

-- 
You are receiving this mail because:
You are the assignee for the bug.
