Originally Posted by kmoore134
This is disabled for security reasons by default. To enable run this
command via the CLI:
# warden set flags <jail ip> allow.raw_sockets=true
As long you do not document it in the application and the manual (before or when you write the code), it's a bug (severety: blocker, IMHO).
Once you documented it, it's a feature.
No one wants to read "traditional jail - best for servers", beeing asked for an IP number, and then not be able to ping; and then crowl the net for hours to find the solution.
Unfortunately, this is true for far too many "features" of PC-BSD. There are many many undocumented hidden assertions hard-coded
in the config scripts. To say it politely, that's sub-optimal. To say it clear: that's very bad programming style and the root of many subtle bugs and surprises.