From owner-freebsd-doc@FreeBSD.ORG  Tue Oct 28 06:09:08 2003
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6A35416A4CE
	for <doc@freebsd.org>; Tue, 28 Oct 2003 06:09:08 -0800 (PST)
Received: from electra.cse.Buffalo.EDU (electra.cse.Buffalo.EDU
	[128.205.32.2])	by mx1.FreeBSD.org (Postfix) with ESMTP id 9686E43FBD
	for <doc@freebsd.org>; Tue, 28 Oct 2003 06:09:07 -0800 (PST)
	(envelope-from kensmith@cse.Buffalo.EDU)
Received: from electra.cse.Buffalo.EDU (kensmith@localhost [127.0.0.1])
	h9SE96us024647;	Tue, 28 Oct 2003 09:09:06 -0500 (EST)
Received: (from kensmith@localhost)
	by electra.cse.Buffalo.EDU (8.12.10/8.12.9/Submit) id h9SE96JU024646;
	Tue, 28 Oct 2003 09:09:06 -0500 (EST)
Date: Tue, 28 Oct 2003 09:09:06 -0500
From: Ken Smith <kensmith@cse.Buffalo.EDU>
To: "Gabriel C. de Barros" <gabrielcbarros@uol.com.br>
Message-ID: <20031028140906.GA24568@electra.cse.Buffalo.EDU>
References: <3F9E7689.9020200@uol.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F9E7689.9020200@uol.com.br>
User-Agent: Mutt/1.4.1i
cc: doc@freebsd.org
Subject: Re: lack in the firewall chapter
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2003 14:09:08 -0000

On Tue, Oct 28, 2003 at 12:00:41PM -0200, Gabriel C. de Barros wrote:

> i've spend two days trying to set ipfw or ipf .. before i understant that i 
> should lower my kernel security settings before messing with the rules.
> 
> I think the handbook should mention that, at least in a footnote or 
> something.
> 
> It was hard to find the answer, but while searching for it, i realized it's 
> a very common new-user mistake.

I have a couple of ipfw related PR's I need to work on, I can take
care of this as part of finishing those up.

Basically you're saying if you have raised the security level of the
kernel above 0 you can no longer change the ipfw rules.

-- 
						Ken Smith
- From there to here, from here to      |       kensmith@cse.buffalo.edu
  there, funny things are everywhere.   |
                      - Theodore Geisel |