Date:      Mon, 13 Jan 2003 15:07:00 +0100
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        Bruce Evans <bde@zeta.org.au>
Cc:        Matthew Dillon <dillon@apollo.backplane.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, luigi@freebsd.org
Subject:   Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c
Message-ID:  <20030113140700.GP9430@garage.freebsd.pl>
In-Reply-To: <20030113222917.C12128-100000@gamplex.bde.org>
References:  <20030113082610.GH9430@garage.freebsd.pl> <20030113222917.C12128-100000@gamplex.bde.org>


On Mon, Jan 13, 2003 at 10:31:27PM +1100, Bruce Evans wrote:
+> This is noted in the log message:
[...]

Ok, could someone commit this?

--- ip_fw2.c.orig	Fri Dec 27 18:43:25 2002
+++ ip_fw2.c	Mon Jan 13 15:02:54 2003
@@ -111,9 +111,32 @@
=20
 #ifdef SYSCTL_NODE
 SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
-SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable,
-    CTLFLAG_RW | CTLFLAG_SECURE,
-    &fw_enable, 0, "Enable ipfw");
+
+static int
+sysctl_net_inet_ip_fw_enable(SYSCTL_HANDLER_ARGS)
+{
+	int error, enable;
+
+	enable =3D fw_enable;
+	error =3D sysctl_handle_int(oidp, &enable, 0, req);
+	if (error !=3D 0 || req->newptr =3D=3D NULL || enable =3D=3D fw_enable)
+		return (error);
+
+#if __FreeBSD_version >=3D 500034
+	error =3D securelevel_ge(req->td->td_ucred, 3);
+	if (error !=3D 0)
+		return (error);
+#else
+	if (securelevel >=3D 3)
+		return (EPERM);
+#endif
+	fw_enable =3D enable;
+
+	return(0);
+}
+SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW, 0=
, 0,
+    sysctl_net_inet_ip_fw_enable, "I", "Enable ipfw");
+
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_RW,
     &autoinc_step, 0, "Rule number autincrement step");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass,
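
Review bot: the new SYSCTL_PROC for the enable OID drops the CTLFLAG_SECURE flag that the removed SYSCTL_INT carried, so the only write restriction left is the securelevel 3 check inside sysctl_net_inet_ip_fw_enable, and nothing in the hunk records that this is intentional. Please add a short comment above the handler saying that the flag was replaced by an explicit check and why 3 is the cutoff, so a later reader does not restore the flag or treat its absence as an oversight. The early return when enable equals fw_enable sits before the securelevel check, which means a write of the current value succeeds at any securelevel; that is harmless, but the ordering deserves a word in the same comment. Style: `return(0);` should be `return (0);` to match the `return (error);` lines earlier in the function.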

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
