Date: Mon, 13 Jan 2003 15:07:00 +0100
From: Pawel Jakub Dawidek
To: Bruce Evans
Cc: Matthew Dillon, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, luigi@freebsd.org
Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c
Message-ID: <20030113140700.GP9430@garage.freebsd.pl>

On Mon, Jan 13, 2003 at 10:31:27PM +1100, Bruce Evans wrote:
+> This is noted in the log message:
[...]

Ok, could someone commit this?

--- ip_fw2.c.orig Fri Dec 27 18:43:25 2002 +++ ip_fw2.c Mon Jan 13 15:02:54 2003 
@@ -111,9 +111,32 @@ =20 #ifdef SYSCTL_NODE SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, - CTLFLAG_RW | CTLFLAG_SECURE, - &fw_enable, 0, "Enable ipfw"); + +static int +sysctl_net_inet_ip_fw_enable(SYSCTL_HANDLER_ARGS) +{ + int error, enable; + + enable =3D fw_enable; + error =3D sysctl_handle_int(oidp, &enable, 0, req); + if (error !=3D 0 || req->newptr =3D=3D NULL || enable =3D=3D fw_enable) + return (error); + +#if __FreeBSD_version >=3D 500034 + error =3D securelevel_ge(req->td->td_ucred, 3); + if (error !=3D 0) + return (error); +#else + if (securelevel >=3D 3) + return (EPERM); +#endif + fw_enable =3D enable; + + return(0); +} +SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW, 0= , 0, + sysctl_net_inet_ip_fw_enable, "I", "Enable ipfw"); + SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_RW, &autoinc_step, 0, "Rule number autincrement step"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass,

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
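
Review bot: The new SYSCTL_PROC declaration for enable drops CTLFLAG_SECURE, so the only securelevel gate left is the level 3 check inside sysctl_net_inet_ip_fw_enable. CTLFLAG_SECURE refused writes at any securelevel above 0, which means changing net.inet.ip.fw.enable is now permitted at securelevels 1 and 2. If that relaxation is the intent, a comment above the handler stating why the threshold is 3, and a matching sentence in ipfw.8, would keep it from reading as an oversight. The early return on enable == fw_enable also sits before the securelevel check, so writing the current value at securelevel 3 returns success rather than EPERM; put the securelevel check first if a uniform error is wanted. Style: return(0); should be return (0); to match the other returns in the function.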