# netstat from jail



## bbzz (Nov 2, 2012)

Is it possible to disable/restrict commands like netstat from inside a jail so to not reveal complete routing table information of the whole host system?


----------



## mamalos (Nov 2, 2012)

take a look at setfib(1).


----------



## bbzz (Nov 2, 2012)

Sorry, could you give an example?

I'm using that command to set up multiple routing tables, load balancing, etc. Which requires recompiling kernel, etc. 

Is there a simpler way to not allow a user from jail to see all host's interfaces and addressing with netstat? I could change permissions but I figure there has to be a way to restrict this globally for all jails.


----------

