Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 May 2003 18:32:45 +0200
From:      "Simon L. Nielsen" <simon@nitro.dk>
To:        Santos <sansan@cas.port995.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: ipfirewall(4)) cannot be changed
Message-ID:  <20030528163245.GF974@nitro.dk>
In-Reply-To: <3ED4DE5E.4080600@cas.port995.com>
References:  <3ED06967.90306@cas.port995.com> <20030525234819.U21691@gothmog> <3ED19590.80309@cas.port995.com> <20030526075447.GA29390@gothmog.gr> <3ED4DE5E.4080600@cas.port995.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--lteA1dqeVaWQ9QQl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


[Summary: net.inet.ip.fw.enable can be changed at any securelevel on
RELENG_4]

On 2003.05.28 17:05:50 +0100, Santos wrote:
> Giorgos Keramidas wrote:
>=20
[CUT]
> ><<<<<<<
> >Index: ip_fw.c
> >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> >RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
> >retrieving revision 1.131.2.39
> >diff -u -r1.131.2.39 ip_fw.c

[CUT]

> >--- ip_fw.c	20 Jan 2003 02:23:07 -0000	1.131.2.39
> This doesn't fix the problem. Maybe this only fixes IPFW1 and not IPFW2=
=20
> too?...

Yes that fix was only for ipfw1.  ipfw2 already have this fixed in
-CURRENT (sys/netinet/ip_fw2.c v. 1.11 and 1.23) but was apparently
never MFC'ed to -STABLE... This is also PR kern/39396.

I CC'ed Crist J. Clark who added to code to -CURRENT, in hope that he
has somed time to look at it.

--=20
Simon L. Nielsen

--lteA1dqeVaWQ9QQl
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE+1OSt8kocFXgPTRwRAhmtAJ9uErNf+VT9k9mFQ2YBKlRr7/LgCQCfSGvj
RwqVIBXP9pt2vf4adrhX5Xk=
=g4G3
-----END PGP SIGNATURE-----

--lteA1dqeVaWQ9QQl--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030528163245.GF974>