Skip to main content

Browse the archive

swh:1:snp:2ca5d6eff8f04a671c0d5b13646cede522c64b7d
Revision 7237f7e8f652392d9edca6b6c3f788b9aaa05ef9 authored by Bjoern A. Zeeb on 24 January 2010, 14:05:56 UTC, committed by Bjoern A. Zeeb on 24 January 2010, 14:05:56 UTC 
MFC r202468:
 
 Add security.jail.ip4_saddrsel/ip6_nosaddrsel sysctls to control
 whether to use source address selection (default) or the primary
 jail address for unbound outgoing connections.

 This is intended to be used by people upgrading from single-IP
 jails to multi-IP jails but not having to change firewall rules,
 application ACLs, ... but to force their connections (unless
 otherwise changed) to the primry jail IP they had been used for
 years, as well as for people prefering to implement similar policies.

 Note that for IPv6, if configured incorrectly, this might lead to
 scope violations, which single-IPv6 jails could as well, as by the
 design of jails. [1]

 Note that in contrast to FreeBSD 8.x and newer, where we have
 per-jail options, the sysctls are global for all jails.

 Reviewed by:		jamie, hrs (ipv6 part) [for HEAD]
 Pointed out by:	hrs [1]
 Tested by:		Jase Thew (bazerka beardz.net) (IPv4)

Approved by:	re (kib)
1 parent 300a025
History
Tip revision: 69f28986ad97c1e3d55279d696d1884c963f530e authored by Ken Thompson on 30 June 1970, 10:00:00 UTC
Research PDP7 development
Tip revision: 69f2898
File Mode Size
bin
cddl
contrib
crypto
etc
games
gnu
include
kerberos5
lib
libexec
release
rescue
sbin
secure
share
sys
tools
usr.bin
usr.sbin
ALU-USA-statement.pdf -rw-r--r-- 38.0 KB
COPYRIGHT -rw-r--r-- 6.0 KB
Caldera-license.pdf -rw-r--r-- 12.0 KB
LICENSE -rw-r--r-- 14.8 KB
LOCKS -rw-r--r-- 354 bytes
MAINTAINERS -rw-r--r-- 6.7 KB
Makefile -rw-r--r-- 11.7 KB
Makefile.inc1 -rw-r--r-- 38.2 KB
ObsoleteFiles.inc -rw-r--r-- 190.4 KB
README -rw-r--r-- 3.0 KB
README.md -rw-r--r-- 16.2 KB
UPDATING -rw-r--r-- 43.4 KB

README.md

back to top