From owner-freebsd-security  Mon May 14  5:30:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from garuda.barc.ernet.in (garuda.barc.ernet.in [202.41.86.4])
	by hub.freebsd.org (Postfix) with ESMTP id B4CD237B423
	for <freebsd-security@FreeBSD.org>; Mon, 14 May 2001 05:30:13 -0700 (PDT)
	(envelope-from root@apsara.barc.ernet.in)
Received: from apsara.barc.ernet.in (apsara.barc.ernet.in [192.168.1.21])
	by garuda.barc.ernet.in (8.9.3/8.9.3) with ESMTP id RAA02652
	for <freebsd-security@FreeBSD.org>; Mon, 14 May 2001 17:56:56 +0530 (IST)
	(envelope-from root@apsara.barc.ernet.in)
Received: from localhost (root@localhost)
	by apsara.barc.ernet.in (8.9.3/8.9.3) with ESMTP id SAA18837
	for <freebsd-security@FreeBSD.org>; Mon, 14 May 2001 18:07:02 +0530
Date: Mon, 14 May 2001 18:07:02 +0530 (IST)
From: root <root@apsara.barc.ernet.in>
To: <freebsd-security@FreeBSD.org>
Subject: ipfw rules and securelevel
Message-ID: <Pine.LNX.4.33.0105141802230.18115-100000@apsara.barc.ernet.in>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Dear friends,
	Even in securelevel 3 I can bypass ipfw rules. In securelevel 3 I
as root can change the variable "net.inet.ip.fw.enable" using sysctl. When
I run a command

	sysctl -w net.inet.ip.fw.enable=0

	It disables the ipfw rules.

Is it a feature or hole in freebsd.


please help

RS


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message