From: Rich Neswold
To: Patrick Greenwell
Cc: stable@FreeBSD.ORG
Date: Tue, 29 Jan 2002 11:02:03 -0600
Subject: Re: Firewall config non-intuitiveness
Organization: Fermi National Accelerator Laboratory

If memory serves, didn't Patrick Greenwell say:
>
> I recently got bit by this: I have firewall options configured into my
> kernel, and made the mistake...

Since we're talking about the firewall...

In my local source, I've patched the firewall code to make the kernel variable "net.inet.ip.fw.enable" secure (which means it can't change if the kernel secure level is raised.) I run my firewall system at secure level 3 (which prevents rules from being changed).
It was useful to be able to shut off the firewall at level 3 to tweak the rules. But now that they've stabilized, I like not being able to bring down the firewall.

Getting back on topic: Maybe "firewall_enable=no" can set net.inet.ip.fw.enable to 0. :-)

--
Rich

------------------------------------------------------------------------
Richard Neswold, Beams Division / Controls Dept | neswold@fnal.gov
Fermilab, PO Box 500, MS 360, Batavia, IL 60510 | voice 1.630.840.3454
                                                | fax   1.630.840.3093
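
An added example, not part of the original message or of FreeBSD: a small audit of the state described above, reporting whether the secure level freezes the rules, whether net.inet.ip.fw.enable is on, and whether rc.conf disagrees with the kernel. The function names, finding names and sample input are constructed for illustration; kern.securelevel is the standard FreeBSD sysctl for the secure level.

```shell
#!/bin/sh
# Added example. Inputs are passed as text so the check runs offline; on a
# live host they would come from
# `sysctl kern.securelevel net.inet.ip.fw.enable` and /etc/rc.conf.

# sysctl_value NAME TEXT: value from a "NAME: value" line, empty if absent.
sysctl_value() {
    printf '%s\n' "$2" | awk -F': *' -v k="$1" '$1 == k { print $2; exit }'
}

# rc_value NAME TEXT: last NAME=value assignment, unquoted and lowercased.
rc_value() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { v = $2 } END { print v }' |
        tr -d "\"'" | tr 'A-Z' 'a-z'
}

# audit_firewall SYSCTL_TEXT RCCONF_TEXT: prints space-separated findings.
audit_firewall() {
    level=$(sysctl_value kern.securelevel "$1")
    enable=$(sysctl_value net.inet.ip.fw.enable "$1")
    rc=$(rc_value firewall_enable "$2")

    # Secure level 3 is the level at which packet filter rules are frozen.
    if [ -n "$level" ] && [ "$level" -ge 3 ]; then
        out="rules-locked"
    else
        out="rules-mutable"
    fi

    case "$enable" in
        1) out="$out filter-on" ;;
        0) out="$out filter-off" ;;
        *) out="$out ipfw-absent" ;;   # sysctl missing: ipfw not in kernel
    esac

    # rc.conf says "no" (or is silent, the default) while the kernel
    # is still filtering: the mismatch the thread is about.
    if [ "$enable" = 1 ] && [ "${rc:-no}" = no ]; then
        out="$out rcconf-mismatch"
    fi
    printf '%s\n' "$out"
}

# Constructed sample input.
SAMPLE_SYSCTL='kern.securelevel: 3
net.inet.ip.fw.enable: 1'
SAMPLE_RC='firewall_enable="NO"'
audit_firewall "$SAMPLE_SYSCTL" "$SAMPLE_RC"
```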