From owner-freebsd-hackers Tue Dec 19 00:41:12 1995 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA01058 for hackers-outgoing; Tue, 19 Dec 1995 00:41:12 -0800 (PST) Received: from critter.tfs.com ([140.145.230.252]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id AAA01053 for ; Tue, 19 Dec 1995 00:41:08 -0800 (PST) Received: from localhost.tfs.com (localhost.tfs.com [127.0.0.1]) by critter.tfs.com (8.6.12/8.6.12) with SMTP id JAA24127; Tue, 19 Dec 1995 09:40:22 +0100 X-Authentication-Warning: critter.tfs.com: Host localhost.tfs.com didn't use HELO protocol To: Nate Williams cc: "Frank ten Wolde" , hackers@FreeBSD.ORG Subject: Re: Order of rules in ip_fw chain In-reply-to: Your message of "Mon, 18 Dec 1995 10:11:34 MST." <199512181711.KAA23836@rocky.sri.MT.net> Date: Tue, 19 Dec 1995 09:40:21 +0100 Message-ID: <24125.819362421@critter.tfs.com> From: Poul-Henning Kamp Sender: owner-hackers@FreeBSD.ORG Precedence: bulk > > I think we disagree here, or our needs differ greatly :-) I still think > > it's better for safety that *if* my Bastion host is compromised (someone > > evil becomes root) they still cannot flush the fw chain. > > Agreed. My statement was made to say that I think we need to have more > security levels than the current version, so we can still have a secure > system and *still* allow modifications of the ipfw chain. It doesn't > have to be an all or nothing affair. I think having one global secure-level, and one level for each "feature" to override: This could for instance be done like this: sysctl -w kern.ipfw.securelevel=1 (if it's zero, the kern.securelevel decides.) sysctl -w kern.securelevel=2 -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Future will arrive by its own means, progress not so.