[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-doc
Subject:    Re: lack in the firewall chapter
From:       "Simon L. Nielsen" <simon () freebsd ! org>
Date:       2003-10-28 14:19:33
[Download RAW message or body]


On 2003.10.28 09:09:06 -0500, Ken Smith wrote:
> On Tue, Oct 28, 2003 at 12:00:41PM -0200, Gabriel C. de Barros wrote:
> 
> > i've spend two days trying to set ipfw or ipf .. before i understant that i 
> > should lower my kernel security settings before messing with the rules.
> > 
> > I think the handbook should mention that, at least in a footnote or 
> > something.
> > 
> > It was hard to find the answer, but while searching for it, i realized it's 
> > a very common new-user mistake.
> 
> I have a couple of ipfw related PR's I need to work on, I can take
> care of this as part of finishing those up.
> 
> Basically you're saying if you have raised the security level of the
> kernel above 0 you can no longer change the ipfw rules.

From ipfw(8):

     ·   The ipfw filter list may not be modified if the system security level
         is set to 3 or higher (see init(8) for information on system security
         levels).

I haven't tested it, and I seem to remember some problems with
securelevel and ipfw not being honored correctly in the past, so you
might want to check the source.

-- 
Simon L. Nielsen
FreeBSD Documentation Team

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]