|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: jails, ipfilter & stunnel
From: Uwe Doering (gemini
geminix.org)
Date: Tue Jul 15 2003 - 02:19:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
V. Jones wrote:
>>Good point. I forgot to mention that you should bind daemons running
>>outside the jails explicitly to the server's IP address. This
>>circumvents the problem you've pointed out. But I agree with you that
>>people would be less likely to shoot themselves in the foot if the
>>kernel took care of things in this situation.
>
> Oh - okay. The directions I followed in "Absolute BSD" had me configure
> all Daemons so that they only listened on the main ip address. Is this
> what you guys are talking about it? Actually, the book said the jailed
> server wouldn't even start if this wasn't done.
>
> For example, in my /etc/ssh/sshd_config:
>
> ListenAddress x.x.x.8
Yes, this is the way to do it.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
geminigeminix.org | http://www.escapebox.net
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]