To allow ping and traceroute commands inside a FreeBSD jail, you will need to modify the jail’s configuration to allow ICMP traffic.
- Edit the jail’s configuration file:
sudo vi /etc/jail.conf
- Add the following line to the configuration file, replacing
jail_namewith the name of your jail:exec.start += "sh /etc/rc.initial.jail_name"
This line will execute the script
/etc/rc.initial.jail_namewhen the jail starts. - Create the script
/etc/rc.initial.jail_namewith the following content:# Enable ICMP
sysctl net.inet.icmp.icmplim=0
This script sets the
net.inet.icmp.icmplimsystem variable to 0, which allows unlimited ICMP traffic to and from the jail. - Restart the jail:
sudo /etc/rc.d/jail restart jail_name
After completing these steps, the jail should allow ping and traceroute commands to be executed inside it. Note that allowing ICMP traffic in this way may decrease the security of the jail, so you should carefully consider the implications of this change before implementing it.