Date: Thu, 23 Nov 2000 17:42:31 +0300 From: Ekaterina Ivannikova <kate@gutatelecom.ru> To: freebsd-security@freebsd.org Subject: How to isolate jails from the host system ? Message-ID: <20001123174231.A4498@hub.all.yans.ru>
next in thread | raw e-mail | index | archive | help
Hi All, what is the recommended way of isolating jails from the host system with regard to tcp/ip connections ? It appeares that though processes in a jail are not allowed to bind to the host system's ip address, they are still assigned this ip address if they try to connect to daemons running on the host system. Thus placing filters on lo0 doesn't help as the host system cannot distinguish between clients coming from a jail and its own processes. I'm running 4.2-STABLE cvsuped on Nov 21 if it matters. Regards, Ekaterina Ivannikova To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001123174231.A4498>