mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-03 23:28:58 +00:00
831c6b8edd
Jails without VNET have complete access to the ipfilter rules, NAT,
pools and logs. This is insecure. Only allow jails to manipulate
ipfilter rules, NAT tables and ippools if the jail has its own VNET.
Otherwise a jail can affect the global system.
This patch brings ipfilter in line with ipfw's support of VNET jails and
non-support of non-VNET jails.
(cherry picked from commit
| Name |
|---|
| common |
| ipf |
| ipfs |
| ipfstat |
| ipfsync |
| ipftest |
| iplang |
| ipmon |
| ipnat |
| ippool |
| ipresend |
| ipscan |
| ipsend |
| libipf |
| Makefile |
| Makefile.inc |