FreeBSD Mail Archives

Date:      Fri, 23 Mar 2012 07:23:16 GMT
From:      AlexSav <tomefrom@list.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/166336: kern.securelevel 3 +pf reload
Message-ID:  <201203230723.q2N7NGd9043750@red.freebsd.org>
Resent-Message-ID: <201203230730.q2N7U1T6040726@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help


>Number:         166336
>Category:       kern
>Synopsis:       kern.securelevel 3 +pf reload
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 23 07:30:01 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     AlexSav
>Release:        8.2
>Organization:
>Environment:
FreeBSD srv 8.2-RELEASE-p5 FreeBSD 8.2-RELEASE-p5 #24: Tue Dec 27 17:23:57 GMT 2011 user@srv:/usr/obj/usr/src/sys/PAE i386
>Description:
I use kern.securelevel 3 on my server. If in pf.conf I put 
set skip in lo0
after pf reload all trafic on interface lo0 is blocking.
#/etc/rc.d/pf reload
 Reloading pf rules
 pfctl: DIOCOSFPFLUSH: Operation not permitted
#telnet 127.0.0.1 3306
telnet: connect to address 127.0.0.1: Operation not permitted

If in pf.conf I put 
pass quick on lo0
all works fine.

I.e. pf reload flush "set skip" in spite of kern.securelevel 3.
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203230723.q2N7NGd9043750>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation