Date: Thu, 03 Apr 1997 20:42:57 -0600 From: Alex Nash <nash@mcs.com> To: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de> Cc: hackers@freebsd.org, avalon@coombs.anu.edu.au Subject: Re: securelevel & IP filter Message-ID: <33446AB1.41C67EA6@mcs.com> References: <199704031317.FAA21733@freefall.freebsd.org> <19970403233738.KY42145@uriah.heep.sax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
J Wunsch wrote: > > As Darren Reed wrote: > > > It has been suggested that IP Filter disallow changes to filter rules if > > securelevel is set to some level...(I think 3 was the suggestion). > > I personally think securelevel 2 would be sufficient. It blocks > already enough things, like running an Xserver :). > > But the most important is that you make this consistent throughout all > BSDs, including BSD/OS, if possible. There's some (albeit arbitrary) precedence for using 3 already in ipfw. The main reason 2 was avoided was principle of least surprise. Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33446AB1.41C67EA6>