From: "Alexander Mogilny"
To: "Umar Draz"
Cc: freebsd-i386@freebsd.org
Date: Mon, 10 Jul 2006 10:22:24 +0300
Message-ID: <7403d2a30607100022s433489d1pce3260c383a73a5f@mail.gmail.com>
In-Reply-To: <20060709183758.55907.qmail@web42208.mail.yahoo.com>
Subject: Re: kernel secure level??
List-Id: I386-specific issues for FreeBSD

On 7/9/06, Umar Draz wrote:
> Hi dear members!!
>
> I have a FreeBSD 6.1 machine. I configured
>
> kern_securelevel_enable="YES"
> kern_securelevel="2"
>
> When I update my ipfilter or ipnat rules I got this error.
>
> ioctl(SIOCIPFFL): Operation not permitted
> 2:ioctl(add/insert rule): Operation not permitted
> 3:ioctl(add/insert rule): Operation not permitted
> 5:ioctl(add/insert rule): Operation not permitted
> 6:ioctl(add/insert rule): Operation not permitted
> 7:ioctl(add/insert rule): Operation not permitted
> 1:ioctl(add/insert rule): Operation not permitted
> ioctl(SIOCIPFL6): Operation not permitted
>
> Please help me: what should I do to update ipfilter and ipnat rules
> within kern_securelevel?
>

You should first decrease the securelevel by changing the kern.securelevel
sysctl value. This can be achieved by the following command:

sysctl kern.securelevel=-1

Then you may change your ipfilter configuration and set your
securelevel to the previous value:

sysctl kern.securelevel=2

For more information on securelevel options refer to the init(8) manual page.

-- 
AIM-UANIC           +-----[ FreeBSD ]-----+
Alexander Mogilny   | The Power to Serve! |
<> sg@portaone.com  +---------------------+
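
Added example (not part of the original message and not FreeBSD project code): a preflight check that reads kern.securelevel before touching the live ipfilter ruleset and recognises the "Operation not permitted" signature quoted in the thread. The threshold of 2 is taken from the errors reported above; the function names and the /etc/ipf.rules default are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption from the thread: ipf ioctls were refused (EPERM) at securelevel 2.
IPF_LOCK_LEVEL=2

# is_int VALUE: succeeds for an optionally negative decimal integer.
is_int() {
    n=${1#-}
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
}

# reload_verdict LEVEL: prints allow, deny or unknown for that securelevel.
reload_verdict() {
    if ! is_int "$1"; then echo unknown; return 0; fi
    if [ "$1" -ge "$IPF_LOCK_LEVEL" ]; then echo deny; else echo allow; fi
}

# count_eperm: reads ipf/ipnat output on stdin and prints how many ioctl
# calls were refused, matching the error format quoted in the thread.
count_eperm() {
    grep -c 'ioctl(.*): Operation not permitted' || true
}

# thread_sample: three error lines from the thread plus one constructed
# unrelated line, for trying count_eperm offline.
thread_sample() {
    cat <<'EOF'
ioctl(SIOCIPFFL): Operation not permitted
2:ioctl(add/insert rule): Operation not permitted
ioctl(SIOCIPFL6): Operation not permitted
constructed: 4 rules parsed
EOF
}

# preflight RULES_FILE: only flush and reload when the kernel will accept it,
# so a refused flush never leaves the operator guessing which rules are live.
preflight() {
    level=$(sysctl -n kern.securelevel 2>/dev/null) || level=
    case "$(reload_verdict "$level")" in
        allow) ipf -Fa -f "$1" ;;
        deny)  echo "kern.securelevel=$level: ipf rule changes will be refused;" \
                    "load $1 before the securelevel is raised" >&2; return 1 ;;
        *)     echo "cannot read kern.securelevel" >&2; return 2 ;;
    esac
}

# Run only when asked, e.g.: sh ipf-preflight.sh --run /etc/ipf.rules
if [ "${1:-}" = "--run" ]; then preflight "${2:-/etc/ipf.rules}"; fi
```

Piping captured ipf or ipnat output through count_eperm separates a securelevel refusal from an ordinary rule syntax error when reviewing a failed reload.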