Date: Tue, 28 Oct 2003 15:19:33 +0100 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Ken Smith <kensmith@cse.Buffalo.EDU> Cc: "Gabriel C. de Barros" <gabrielcbarros@uol.com.br> Subject: Re: lack in the firewall chapter Message-ID: <20031028141931.GA415@arthur.nitro.dk> In-Reply-To: <20031028140906.GA24568@electra.cse.Buffalo.EDU> References: <3F9E7689.9020200@uol.com.br> <20031028140906.GA24568@electra.cse.Buffalo.EDU>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On 2003.10.28 09:09:06 -0500, Ken Smith wrote:
> On Tue, Oct 28, 2003 at 12:00:41PM -0200, Gabriel C. de Barros wrote:
>
> > i've spend two days trying to set ipfw or ipf .. before i understant that i
> > should lower my kernel security settings before messing with the rules.
> >
> > I think the handbook should mention that, at least in a footnote or
> > something.
> >
> > It was hard to find the answer, but while searching for it, i realized it's
> > a very common new-user mistake.
>
> I have a couple of ipfw related PR's I need to work on, I can take
> care of this as part of finishing those up.
>
> Basically you're saying if you have raised the security level of the
> kernel above 0 you can no longer change the ipfw rules.
From ipfw(8):
· The ipfw filter list may not be modified if the system security level
is set to 3 or higher (see init(8) for information on system security
levels).
I haven't tested it, and I seem to remember some problems with
securelevel and ipfw not being honored correctly in the past, so you
might want to check the source.
--
Simon L. Nielsen
FreeBSD Documentation Team
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/nnrzh9pcDSc1mlERAnoQAKC+8zn6V/jZqY6CFQocW1f1IANxrACgr17f
EBLnr3G17aUXU7O3ig34i7A=
=zVak
-----END PGP SIGNATURE-----
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031028141931.GA415>