From: perikillo
To: freebsd-questions@freebsd.org
Date: Tue, 5 Apr 2005 07:51:01 -0700
Subject: (Solve)Re: Securelevel dont let ipf read rules...

One big mistake on my part.
As you can see below, I was having problems with secure level and ipf, but the problem was this:

My old /etc/rc.conf was:

kernel_securelevel=3

But after checking man rc.conf again, it is kern_securelevel.

This way rc.conf doesn't let FreeBSD set that variable. Now I can run ipf with secure level 3. Thanks to all.

On Apr 4, 2005 9:06 AM, perikillo wrote:
>
> Hi all, I was testing my firewall with FreeBSD 4.11 Release and ipf in the kernel. I have ppp set up to run every time I turn on the system. I was using securelevel=2 in /etc/sysctl.conf
> kern.securelevel=2
> and /etc/rc.conf
> /etc/rc.conf:
> kernel_securelevel=2
>
> After I saw that my firewall was ready to start its job, I decided to change the secure level to paranoid level and changed the secure level to 3:
> /etc/sysctl.conf:
> kern.securelevel=3
> /etc/rc.conf:
> kernel_securelevel=3
>
> When I restarted my computer and tried to access the internet from my other computer, which uses Windows 2k, I saw that my browser didn't find anything. I made some tests on it, but there was no access to the outside world. I went back to my firewall and tested the connection:
>
> test#ifconfig
>
> This showed that I was connected. Then I tested with ping and fastest_cvsup; none of them reached the outside world.
> After this I tested ipf:
>
> test#ipfstat -hio
> upsssssssssssssss, I don't have any rules on my firewall. Then I went to:
>
> test# ee /var/log/console
>
> I went to the end of the file and read my last boot-up messages, and saw that when my system tried to read /etc/ipf.rules and /etc/ipmon.rules, the system secure level=3 in /etc/sysctl.conf didn't let ipf and ipnat load their rule sets.
> "Operation Not Permite" (something like this, mmmm, I don't remember the right messages :-\)
>
> /etc/sysctl.conf goes before /etc/rc.conf. I was thinking that I could set securelevel=1 in sysctl.conf and then in rc.conf, after ipf and ppp start, set securelevel to 3, but my rc.conf doesn't do anything.
>
> How can I reach securelevel=3 and run my firewall? I don't want to input anything directly; I want that baby (FreeBSD) to do everything automatically. Maybe I need to set up a script???
>
> Or am I doing something wrong?
>
> I read man init but don't see anything about this issue...
>
> Thanks all for your comments.
> NOTE: FreeBSD 4.11 Release, ipfilter compiled in the kernel. This machine runs only my firewall, no servers; it is an old Pentium 100 MHz. I try to write my best English.
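
The misconfiguration described in this message can be caught before a reboot. The following is an added example, not part of the original post: a small sh audit that flags securelevel variable names rc.conf does not recognise and a kern.securelevel of 3 or more set early from /etc/sysctl.conf. The function names, finding labels and sample files are constructed for illustration; kern_securelevel_enable is the companion knob documented in rc.conf(5) and is not shown in the post, and removing the sysctl.conf entry in the "after" sample is an assumption.

```sh
#!/bin/sh
# Added example: report where boot configuration raises kern.securelevel.

# conf_value KEY_REGEX FILE: last value assigned to the key, comments/quotes stripped.
conf_value() {
    sed -n -e 's/#.*//' -e 's/[[:space:]]*$//' \
        -e "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tr -d "\"'" | tail -n 1
}

# audit_securelevel RC_CONF SYSCTL_CONF: one finding per line (labels are hypothetical).
audit_securelevel() {
    rc=$1; sc=$2
    # Only the two names from rc.conf(5) are read; a misspelled one is silently ignored.
    sed -n 's/^[[:space:]]*\([A-Za-z_]*securelevel[A-Za-z_]*\)[[:space:]]*=.*/\1/p' "$rc" |
    while read -r name; do
        case $name in
            kern_securelevel|kern_securelevel_enable) ;;
            *) echo "UNKNOWN_KNOB $name" ;;
        esac
    done
    level=$(conf_value kern_securelevel "$rc")
    enable=$(conf_value kern_securelevel_enable "$rc")
    if [ -n "$level" ]; then
        case $enable in
            [Yy][Ee][Ss]) echo "RC_RAISES $level" ;;
            *) echo "RC_LEVEL_NOT_ENABLED $level" ;;
        esac
    fi
    # The post reports that level 3 set from sysctl.conf kept ipf from loading rules.
    early=$(conf_value 'kern\.securelevel' "$sc")
    if [ -n "$early" ] && [ "$early" -ge 3 ]; then
        echo "EARLY_LOCK $early"
    fi
}

# Constructed sample files: "before" mirrors the post, "after" is an assumed fix.
demo_dir=$(mktemp -d)
printf 'kernel_securelevel=3\n' > "$demo_dir/rc.conf.before"
printf 'kern.securelevel=3\n' > "$demo_dir/sysctl.conf.before"
printf 'kern_securelevel_enable="YES"  # assumed, not in the post\nkern_securelevel=3\n' \
    > "$demo_dir/rc.conf.after"
printf '# kern.securelevel=3\n' > "$demo_dir/sysctl.conf.after"
echo "before:"; audit_securelevel "$demo_dir/rc.conf.before" "$demo_dir/sysctl.conf.before"
echo "after:";  audit_securelevel "$demo_dir/rc.conf.after" "$demo_dir/sysctl.conf.after"
```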