[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] n00b questions



Don Munyak wrote:
> My rc.conf for jailwiki now looks like this
> 
> ----{Configure:rc.conf}
> # This file now contains the commands for /home/wiki/etc/rc.conf.
> sshd_enable="YES"
> 
> #----EOF----
> 
> ?? -->>Since this is a jail, do I still need to add to
> /home/wiki/etc/rc.conf
> named_enable="YES"
> saver="blank"
> sendmail_enable="NO"
> syslogd_enable="YES"
> syslogd_flags="-ss"
> log_in_vain="YES"
> accounting_enable="YES"
> clear_tmp_enable="YES"
> update_motd="NO"
> icmp_drop_redirect="YES"
> icmp_log_redirect="YES"
> icmp_bmcastecho="NO"
> icmp_bandlim="YES"
> tcp_keepalive="YES"
> tcp_extensions="NO"
> kern_securelevel_enable="YES"
> kern_securelevel="-1"

If you need some of the option, yes. But you can't configure ip stuff in
the jail. So icmp, tcp and also secure levels will not work in the jail.

> ?? -->> Is Jail access maintained by the host ipf.rules, or do I need
> to enable this as well for the given jail.
> 
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> firewall_logging="YES"
> ipmon_enable="YES"
> ipmon_flags="-Dvn /var/log/firewall.log"

Thats ip stuff as well.

greetings,
philipp