Date: Mon, 10 Jul 2006 10:22:24 +0300 From: "Alexander Mogilny" <amogilny@gmail.com> To: "Umar Draz" <sync_mastar@yahoo.com> Cc: freebsd-i386@freebsd.org Subject: Re: kernel secure level?? Message-ID: <7403d2a30607100022s433489d1pce3260c383a73a5f@mail.gmail.com> In-Reply-To: <20060709183758.55907.qmail@web42208.mail.yahoo.com> References: <20060709183758.55907.qmail@web42208.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 7/9/06, Umar Draz <sync_mastar@yahoo.com> wrote: > hi dear members!! > > i have FreeBSD 6.1 machine I configure > > kern_securelevel_enable="YES" > kern_securelevel="2" > > When i update my ipfilter or ipnat rules i got this error. > > ioctl(SIOCIPFFL): Operation not permitted > 2:ioctl(add/insert rule): Operation not permitted > 3:ioctl(add/insert rule): Operation not permitted > 5:ioctl(add/insert rule): Operation not permitted > 6:ioctl(add/insert rule): Operation not permitted > 7:ioctl(add/insert rule): Operation not permitted > 1:ioctl(add/insert rule): Operation not permitted > ioctl(SIOCIPFL6): Operation not permitted > > Please help me what should i do to update ipfilter and ipnat rules within kern_securelevel > You should first decrease securelevel by changing kern.securelevel sysctl value. This can be achieved by following command: sysctl kern.securelevel=-1 Then you may change your ipfilter configuration and set your securelevel to previous value: sysctl kern.securelevel=2 For more information on securelevel options refer to init (8) manual page. -- AIM-UANIC +-----[ FreeBSD ]-----+ Alexander Mogilny | The Power to Serve! | <> sg@portaone.com +---------------------+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7403d2a30607100022s433489d1pce3260c383a73a5f>