FreeBSD version ( uname -a ): 11.2 Release
CBSD version ( cbsd version ): 11.2.0
Per default on FreeBSD allow.raw_sockets is disabled. CBSD enable it as default without the possibility to switch it off, there is no config setting, only "cbsd makeconf" shows that it is there.
The jail root is allowed to create raw sockets. Setting
this parameter allows utilities like ping(8) and
traceroute(8) to operate inside the jail. If this is
set, the source IP addresses are enforced to comply with
the IP address bound to the jail, regardless of whether
or not the IP_HDRINCL flag has been set on the socket.
Since raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
The text was updated successfully, but these errors were encountered: