Date: Sat, 23 Jan 2010 16:40:35 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern kern_jail.c src/sys/netinet in_pcb.c src/sys/netinet6 in6_src.c src/sys/sys jail.h src/usr.sbin/jail jail.8 Message-ID: <201001231645.o0NGjp5k077680@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
bz 2010-01-23 16:40:35 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_8)
sys/kern kern_jail.c
sys/netinet in_pcb.c
sys/netinet6 in6_src.c
sys/sys jail.h
usr.sbin/jail jail.8
Log:
SVN rev 202891 on 2010-01-23 16:40:35Z by bz
MFC r202468:
Add ip4.saddrsel/ip4.nosaddrsel (and equivalent for ip6) to control
whether to use source address selection (default) or the primary
jail address for unbound outgoing connections.
This is intended to be used by people upgrading from single-IP
jails to multi-IP jails but not having to change firewall rules,
application ACLs, ... but to force their connections (unless
otherwise changed) to the primry jail IP they had been used for
years, as well as for people prefering to implement similar policies.
Note that for IPv6, if configured incorrectly, this might lead to
scope violations, which single-IPv6 jails could as well, as by the
design of jails. [1]
Reviewed by: jamie, hrs (ipv6 part)
Pointed out by: hrs [1]
Revision Changes Path
1.118.2.9 +108 -2 src/sys/kern/kern_jail.c
1.260.2.3 +7 -0 src/sys/netinet/in_pcb.c
1.74.2.3 +7 -0 src/sys/netinet6/in6_src.c
1.50.2.4 +6 -0 src/sys/sys/jail.h
1.97.2.3 +12 -4 src/usr.sbin/jail/jail.8
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001231645.o0NGjp5k077680>