Date: Mon, 4 Apr 2005 09:06:41 -0700 From: perikillo <perikillo@gmail.com> To: freebsd-questions@freebsd.org Subject: Securelevel dont let ipf read rules... Message-ID: <51d7a516050404090660bb68ed@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi all, i was testing my firewaill with Freebsd 4.11 Release and ipf on th= e=20 kernel. I have ppp setup to run on every time i turn on the system, i was= =20 using securelevel=3D2 on the /etc/sysctl.conf kern.securelevel=3D2 and /etc/rc.conf /etc/rc.conf: kernel_securelevel=3D2 After i see that my firewall was ready to start his job, i decide to change= =20 the secure level to paranoid level and change the secure level to 3: /etc/sysctl.conf: kern.securelevel=3D3 /etc/rc.conf: kernel_securelevel=3D3 Went i restart my computer, and try to access with my other computer wich= =20 use Windows 2k, i try to access the internet, and see that my browser dont= =20 find nothing, make some test on it, but no access to the outside world. I g= o=20 back to my firewall and test the conecction: test#ifconfig This show that i was conected, then test with ping, fastest_cvsup none of= =20 then reach the outside world. After this i test ipf : test#ipfstat -hio upsssssssssssssss, dont have any rules on my firewall, the i go to: test# ee /var/log/console I go to the end of the file and read my last boot up messages and see that= =20 went my system try read the /etc/ipf.rules and /etc/ipmon.rules the system= =20 secure level=3D3 on /etc/syctl.conf dont let ipf and ipnat to charge his ru= les=20 set.=20 "Operation Not Permite" (something like this mmmm dont remember the right= =20 messages :-\) /etc/sysctl.conf goes before /etc/rc.conf, i was thinking that if i setup= =20 securelevel=3D1 on sysctl.conf and then on rc.conf after ipf and ppp start,= =20 setup securelevel to 3, but my rc.conf dosent do nothing.=20 How can i reach securelevel=3D3 and run my firewall, i dont want to input= =20 nothing directly i want that baby(freebsd) do every thing automatically,=20 maybe i need to setup a script??? Or i am doing something wrong? I read man init but dont see nothing about this issue... Thanks all for your comments. NOTE: Freebsd 4.11 Release, ipfilter compile in the kernel. This machine ru= n=20 only my firewall no servers is an old pentium 100Mhz. I try to write my bes= t=20 english.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51d7a516050404090660bb68ed>