IPFW2 logging inside VIMAGE Jails?
Kai Gallasch
k at free.de
Sat Apr 18 12:37:00 UTC 2015
Hi.
Is it possible at all to log actions of the IPFW2
firewall inside a running VIMAGE jail to the jail's syslog?
I'm asking, because I see no firewall log entries inside the jail's
/var/log/security log.
What I find is, that log messages of jails with active IPFW rules are
only logged on the jailhost (/var/log/security) - out of reach of any
local jail admins..
My kernel is built without firewall support. The ipfw.ko is loaded
dynamically when the server starts. No PF firewall is in use.
- FreeBSD 10.1-RELEASE-p9
- /dev/bpf available inside jails
- firewall logging enabled on the jailhost and also inside the jail
I found https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178482 (2
years old, FreeBSD 9.1 related)
Cheers,
Kai.
--
PGP-KeyID = 0x70654D7C4FB1F588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20150418/e1d07f36/attachment.sig>
More information about the freebsd-jail
mailing list