Date:      Tue, 28 Oct 2003 15:19:33 +0100
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Ken Smith <kensmith@cse.Buffalo.EDU>
Cc:        "Gabriel C. de Barros" <gabrielcbarros@uol.com.br>
Subject:   Re: lack in the firewall chapter
Message-ID:  <20031028141931.GA415@arthur.nitro.dk>
In-Reply-To: <20031028140906.GA24568@electra.cse.Buffalo.EDU>
References:  <3F9E7689.9020200@uol.com.br> <20031028140906.GA24568@electra.cse.Buffalo.EDU>

On 2003.10.28 09:09:06 -0500, Ken Smith wrote:
> On Tue, Oct 28, 2003 at 12:00:41PM -0200, Gabriel C. de Barros wrote:
>
> > I've spent two days trying to set ipfw or ipf .. before I understood that I
> > should lower my kernel security settings before messing with the rules.
> >
> > I think the handbook should mention that, at least in a footnote or
> > something.
> >
> > It was hard to find the answer, but while searching for it, I realized it's
> > a very common new-user mistake.
>
> I have a couple of ipfw related PRs I need to work on, I can take
> care of this as part of finishing those up.
>
> Basically you're saying if you have raised the security level of the
> kernel above 0 you can no longer change the ipfw rules.

From ipfw(8):

     ·   The ipfw filter list may not be modified if the system security level
         is set to 3 or higher (see init(8) for information on system security
         levels).

I haven't tested it, and I seem to remember some problems with
securelevel and ipfw not being honored correctly in the past, so you
might want to check the source.

-- 
Simon L. Nielsen
FreeBSD Documentation Team
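
A preflight check for the situation discussed in this thread, added here as an example (it is not part of the original messages or of FreeBSD's own tooling). It assumes the threshold of 3 quoted from ipfw(8) and the rc.conf variables kern_securelevel_enable and kern_securelevel; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Threshold is the one in the quoted
# ipfw(8) text; it does not verify what the kernel actually enforces.
IPFW_LOCK_LEVEL=3

# ipfw_rules_locked LEVEL: succeeds if LEVEL is at or above the threshold.
ipfw_rules_locked() {
    [ "$1" -ge "$IPFW_LOCK_LEVEL" ] 2>/dev/null
}

# boot_securelevel FILE: print the securelevel an rc.conf-style FILE sets at
# boot, or nothing if kern_securelevel_enable is off. The file is parsed, not
# sourced; the last assignment wins; /etc/defaults/rc.conf is not consulted.
boot_securelevel() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 == "kern_securelevel_enable" { en = $2 }
        $1 == "kern_securelevel"        { lvl = $2 }
        END {
            sub(/#.*/, "", en);  gsub(/[" \t]/, "", en)
            sub(/#.*/, "", lvl); gsub(/[" \t]/, "", lvl)
            if (toupper(en) ~ /^(YES|TRUE|ON|1)$/ && lvl != "") print lvl
        }' "$1"
}

# ipfw_preflight CURRENT_LEVEL FILE: report whether rule edits will work now
# and whether they will still work after the next boot. Returns 1 if locked.
ipfw_preflight() {
    cur=$1
    boot=$(boot_securelevel "$2" 2>/dev/null) || boot=""
    if ipfw_rules_locked "$cur"; then
        echo "locked: securelevel $cur >= $IPFW_LOCK_LEVEL, ipfw rule changes will be refused"
        return 1
    fi
    if ipfw_rules_locked "$boot"; then
        echo "warn: editable now (securelevel $cur), but $2 raises it to $boot at boot"
        return 0
    fi
    echo "ok: securelevel $cur, ipfw rules can be modified"
}

# On FreeBSD: ipfw_preflight "$(sysctl -n kern.securelevel)" /etc/rc.conf
```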
