diff -up vsftpd-3.0.2/vsftpd.conf.5.docupd vsftpd-3.0.2/vsftpd.conf.5 --- vsftpd-3.0.2/vsftpd.conf.5.docupd 2014-06-05 09:47:27.987876849 +0200 +++ vsftpd-3.0.2/vsftpd.conf.5 2014-06-05 09:47:27.989876848 +0200 @@ -652,6 +652,21 @@ change it with the setting .BR xferlog_file . Default: NO +.TP +.B isolate_network +If enabled, use CLONE_NEWNET to isolate the untrusted processes so that +they can't do arbitrary connect() and instead have to ask the privileged +process for sockets ( +.BR port_promiscuous +have to be disabled). + +Default: YES +.TP +.B isolate +If enabled, use CLONE_NEWPID and CLONE_NEWIPC to isolate processes to their +ipc and pid namespaces. So separated processes can not interact with each other. + +Default: YES .SH NUMERIC OPTIONS Below is a list of numeric options. A numeric option must be set to a non @@ -749,8 +764,9 @@ Default: 077 .B max_clients If vsftpd is in standalone mode, this is the maximum number of clients which may be connected. Any additional clients connecting will get an error message. +The value 0 switches off the limit. -Default: 0 (unlimited) +Default: 2000 .TP .B max_login_fails After this many login failures, the session is killed. @@ -760,9 +776,9 @@ Default: 3 .B max_per_ip If vsftpd is in standalone mode, this is the maximum number of clients which may be connected from the same source internet address. A client will get an -error message if they go over this limit. +error message if they go over this limit. The value 0 switches off the limit. -Default: 0 (unlimited) +Default: 50 .TP .B pasv_max_port The maximum port to allocate for PASV style data connections. Can be used to