From: Giorgos Keramidas
To: dave
Cc: freebsd-questions@freebsd.org
Date: Wed, 29 Dec 2004 01:34:07 +0200
Subject: Re: loading firewall rules dynamically at higher security levels

On 2004-12-28 13:21, dave wrote:
> Hello,
>     I was wondering is it possible to load ipf or pf via rc.conf with a
> system in a securelevel of 1 or greater? Trying this thus far has been
> unsuccessful, reading the man page suggests this is not possible but if
> anyone has a workaround I'd appreciate it.

Hmmm, as far as I can tell, all firewalls are loaded before the
securelevel is bumped:

% gothmog:/root# rcorder /etc/rc.d/* | egrep -e 'pf|securelevel'
% /etc/rc.d/ipfilter
% /etc/rc.d/ipfs
% /etc/rc.d/ipfw
% /etc/rc.d/pflog
% /etc/rc.d/pf
% /etc/rc.d/securelevel
% gothmog:/root#

How are you setting the system securelevel and how do firewall rules
fail to load?
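
An added example, not part of the original message: a shell check that reads `rcorder` output and confirms the firewall scripts named in the listing above are ordered before `/etc/rc.d/securelevel`. The function name `check_fw_order` and both sample lists are constructed for illustration; the first list copies the order shown in the message.

```sh
#!/bin/sh
# Added example: verify firewall rc.d scripts run before securelevel is raised.
# Reads rcorder-style output (one script path per line) on stdin.
# Prints every firewall script ordered AFTER securelevel.
# Exit status: 0 = all firewall scripts come first, 1 = at least one is late,
#              2 = securelevel script not present in the input.
check_fw_order() {
    awk '
        BEGIN {
            # Script basenames taken from the listing in the message.
            fw["ipfilter"] = 1; fw["ipfs"] = 1; fw["ipfw"] = 1
            fw["pflog"] = 1; fw["pf"] = 1
        }
        {
            n = split($0, parts, "/")
            name = parts[n]
            if (name == "securelevel") { seen = 1; next }
            if (seen && (name in fw)) { print $0; late = 1 }
        }
        END {
            if (!seen) exit 2
            exit (late ? 1 : 0)
        }
    '
}

# Constructed sample 1: the order shown in the message.
PAGE_ORDER='/etc/rc.d/ipfilter
/etc/rc.d/ipfs
/etc/rc.d/ipfw
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/securelevel'

# Constructed sample 2: a hypothetical broken order where pf runs too late.
BAD_ORDER='/etc/rc.d/ipfw
/etc/rc.d/securelevel
/etc/rc.d/pf'

# Demo on the constructed sample. On a live system:
#   rcorder /etc/rc.d/* | check_fw_order
printf '%s\n' "$PAGE_ORDER" | check_fw_order \
    && echo "firewall scripts precede securelevel"
```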