Re: [ezjail] stop jail from accessing internal IPs on host
- To: ezjail AT erdgeist DOT org
- Subject: Re: [ezjail] stop jail from accessing internal IPs on host
- From: "Cyberia / Jisri" <mjisri AT gmail DOT com>
- Date: Mon, 24 Jan 2011 13:19:02 -0500
- Delivered-to: mailing list ezjail AT erdgeist DOT org
- In-reply-to: <4D3DB7A6.9020807 AT erdgeist DOT org>
- Mailing-list: contact ezjail-help AT erdgeist DOT org; run by ezmlm
- References: <AANLkTi=0P_UqPYAOeUA500m+LMdAa2bCwbSccG4oD0LB AT mail.gmail DOT com> <4D3DB7A6.9020807 AT erdgeist DOT org>
Thank you Dirk.
Yes, I meant 192.168.x.x on the host.
I thought maybe there is a tweak or an option I missed to keep the
jail within the given IP address only.
It might be a nice security feature if it is doable.
Will use the firewall rule as you advised.
Have a great day.
On Mon, Jan 24, 2011 at 12:32 PM, Dirk Engling <erdgeist AT erdgeist DOT org>
On 23.01.11 07:34, Cyberia / Jisri wrote:
> to clarify I have a jail with public ip x.x.x.212
> and on the host I have an internal ip 188.8.131.52 to access some
> network devices.
> my question is can I stop jail users from accessing the internal devices
> using jail configurations/settings or a firewall is a must?
This is a classical job for a firewall. I guess you have configured your
host as ip-forwarder anyway, so there is a route for your jail to see
192.162(?! you mean 168?)/16. So when ipfw is running anyway, why not
add a rule to deny x.x.x/24=>192.168/16?
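Added example, not part of the original thread and not ezjail's own code: the deny rule suggested above, written out as ipfw commands. The jail address 203.0.113.212, the rule numbers, the `log` keyword and the reverse-direction rule are assumptions of this example; the script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Build ipfw rules that keep a jail's address away from the host's
# internal network. All addresses here are constructed placeholders.

JAIL_ADDR="203.0.113.212"      # assumption: stands in for the jail's x.x.x.212
INTERNAL_NET="192.168.0.0/16"  # internal range named in the thread
RULE_BASE=1000                 # assumption: numbers below any broad allow rule

# Print the ipfw commands for one jail address (or CIDR) and one internal net.
# Both directions are denied so a stateless ruleset also drops traffic
# that internal devices originate towards the jail.
jail_deny_rules() {
    src=$1; dst=$2; num=$3
    case "$src" in
        */*) ;;                 # already a CIDR such as x.x.x.0/24
        *)   src="$src/32" ;;   # bare host address -> single-host mask
    esac
    echo "ipfw -q add $num deny log ip from $src to $dst"
    echo "ipfw -q add $((num + 1)) deny log ip from $dst to $src"
}

# Dry run by default: print the rules. With APPLY=1 (as root) load them.
jail_deny_rules "$JAIL_ADDR" "$INTERNAL_NET" "$RULE_BASE" |
while read -r rule; do
    if [ "${APPLY:-0}" = 1 ]; then
        $rule
    else
        echo "$rule"
    fi
done
```

After loading, `ipfw show 1000` lists the rule with its packet counter, which confirms whether jail traffic towards the internal range is actually hitting it.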