Date:      Tue, 29 Jan 2002 11:02:03 -0600
From:      Rich Neswold <neswold@fnal.gov>
To:        Patrick Greenwell <patrick@stealthgeeks.net>
Cc:        stable@FreeBSD.ORG
Subject:   Re: Firewall config non-intuitiveness
Message-ID:  <20020129110203.A1356@spiv.fnal.gov>
In-Reply-To: <20020124201411.A39351-100000@rockstar.stealthgeeks.net>; from patrick@stealthgeeks.net on Thu, Jan 24, 2002 at 08:21:50PM -0800
References:  <20020124201411.A39351-100000@rockstar.stealthgeeks.net>



If memory serves, didn't Patrick Greenwell say:
>
> I recently got bit by this: I have firewall options configured into my
> kernel, and made the mistake...

Since we're talking about the firewall... In my local source, I've patched
the firewall code to make the kernel variable "net.inet.ip.fw.enable"
secure (which means it can't change if the kernel secure level is raised.)

I run my firewall system at secure level 3 (which prevents rules from being
changed). It was useful to be able to shut off the firewall at level 3 to
tweak the rules. But now that they've stabilized, I like not being able to
bring down the firewall.

Getting back on topic: Maybe "firewall_enable=no" can set
net.inet.ip.fw.enable to 0.  :-)

--
  Rich
 ------------------------------------------------------------------------
  Richard Neswold, Beams Division / Controls Dept |     neswold@fnal.gov
  Fermilab, PO Box 500, MS 360, Batavia, IL 60510 | voice 1.630.840.3454
                                                  |   fax 1.630.840.3093

