Date:      Mon, 13 Jan 2003 15:07:00 +0100
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        Bruce Evans <bde@zeta.org.au>
Cc:        Matthew Dillon <dillon@apollo.backplane.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, luigi@freebsd.org
Subject:   Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c
Message-ID:  <20030113140700.GP9430@garage.freebsd.pl>
In-Reply-To: <20030113222917.C12128-100000@gamplex.bde.org>
References:  <20030113082610.GH9430@garage.freebsd.pl> <20030113222917.C12128-100000@gamplex.bde.org>


[-- Attachment #1 --]
On Mon, Jan 13, 2003 at 10:31:27PM +1100, Bruce Evans wrote:
+> This is noted in the log message:
[...]

Ok, could someone commit this?

--- ip_fw2.c.orig	Fri Dec 27 18:43:25 2002
+++ ip_fw2.c	Mon Jan 13 15:02:54 2003
@@ -111,9 +111,32 @@
 
 #ifdef SYSCTL_NODE
 SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
-SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable,
-    CTLFLAG_RW | CTLFLAG_SECURE,
-    &fw_enable, 0, "Enable ipfw");
+
+static int
+sysctl_net_inet_ip_fw_enable(SYSCTL_HANDLER_ARGS)
+{
+	int error, enable;
+
+	enable = fw_enable;
+	error = sysctl_handle_int(oidp, &enable, 0, req);
+	if (error != 0 || req->newptr == NULL || enable == fw_enable)
+		return (error);
+
+#if __FreeBSD_version >= 500034
+	error = securelevel_ge(req->td->td_ucred, 3);
+	if (error != 0)
+		return (error);
+#else
+	if (securelevel >= 3)
+		return (EPERM);
+#endif
+	fw_enable = enable;
+
+	return(0);
+}
+SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW, 0, 0,
+    sysctl_net_inet_ip_fw_enable, "I", "Enable ipfw");
+
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_RW,
     &autoinc_step, 0, "Rule number autincrement step");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass,
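Review bot: The new sysctl_net_inet_ip_fw_enable() handler has no comment stating its policy, and because the SYSCTL_PROC registration no longer carries CTLFLAG_SECURE, the securelevel test inside the handler is now the only guard on writes to this knob. A short comment above the function would make that explicit, e.g. `/* Changing net.inet.ip.fw.enable is refused at securelevel 3 or higher; a write that leaves the value unchanged is accepted at any level. */`, ideally also giving the reason for the threshold of 3, which the patch does not show. The early return on `enable == fw_enable` is what lets a no-op write succeed before the securelevel check, so if that is intended it belongs in the comment as well. For style, `return(0);` should read `return (0);` to match the other returns in the function.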

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iQCVAwUBPiLIBD/PhmMH/Mf1AQHHygP/Ri7PpkYbJqnVYlj6xa95MX/AumdtiDvw
DdN1y1GM7bQGTcN7olkOH0y8xLbVTW1KkkJmBmG5aa58LxR8z8+pIT80IIckDMjv
R/NHRTm7Ysx2c5/VlxzhVmKV39U4bcHzcnC7w5GtHY7ig+Gf6BcnNOTtSBwL3wco
zEV0D4/cIU8=
=7t1d
-----END PGP SIGNATURE-----
