Issue with running 'pkg update' from jails with "net.inet.tcp.blackhole=2" sysctl.

Allan Jude allanjude at freebsd.org
Sat Nov 28 01:49:27 UTC 2015


On 2015-11-27 15:25, Goran Tepšić wrote:
> Hi, I just discovered this little sysctl tweak (*net.inet.tcp.blackhole=2*)
> which, from what I understood, can help hide the host from network scanners
> or at least slow them down.
> 
> Everything works just fine except when updating a jail (*running pkg
> update / upgrade*) off the host's Nginx instance serving Poudriere-built
> packages: with this sysctl set, the update/upgrade command just hangs, not
> sure why.
> 
> Anyone having the same issue?

If it is connecting to a port that is not open, instead of an error, it
will have to wait 2+ minutes for the connection to time out.

I am not sure what is happening, but I imagine if you leave it long
enough, something will happen.

-- 
Allan Jude
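
Added example, not part of the original thread: a Python check that tells a closed port that answers with a reset (fast "refused") from one that stays silent, which is what closed TCP ports do under net.inet.tcp.blackhole=2, so the endpoint a client is stalling on can be found in seconds. The ENDPOINTS list and the function names are assumptions; substitute the host/port pairs the jail actually has to reach.

```python
import errno
import socket
import time

# Constructed sample list (assumption): replace with the host/port pairs
# from the jail's pkg repository URL and anything else it must reach.
ENDPOINTS = [("127.0.0.1", 80), ("127.0.0.1", 443)]


def probe(host, port, timeout=3.0):
    """Try one TCP connect; return (state, seconds_taken)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        # The peer sent a RST: port closed, and the client fails immediately.
        state = "refused"
    except socket.timeout:
        # Nothing came back: the SYN was dropped (blackhole sysctl or a
        # packet filter), so a client with default timeouts sits and waits.
        state = "no-answer"
    except OSError as exc:
        state = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return state, time.monotonic() - start


def survey(endpoints, timeout=3.0):
    """Probe every (host, port); return rows of (host, port, state, seconds)."""
    return [(host, port) + probe(host, port, timeout) for host, port in endpoints]


def hang_candidates(rows):
    """Endpoints where a client without its own short timeout would stall."""
    return [(host, port) for host, port, state, _ in rows if state == "no-answer"]


if __name__ == "__main__":
    rows = survey(ENDPOINTS)
    for host, port, state, secs in rows:
        print(f"{host}:{port:<5} {state:<10} {secs:.2f}s")
    for host, port in hang_candidates(rows):
        print(f"would stall here: {host}:{port}")
```

Run it from inside the jail, once with the sysctl at its previous value and once with it set to 2, and compare which endpoints move from "refused" to "no-answer".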
