Date: Sun, 25 May 2003 07:57:43 +0100 From: Santos <sansan@cas.port995.com> To: freebsd-security@freebsd.org Subject: ipfirewall(4)) cannot be changed Message-ID: <3ED06967.90306@cas.port995.com>
next in thread | raw e-mail | index | archive | help
root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5 3 Network secure mode - same as highly secure mode, plus IP packet filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and dummynet(4) configuration cannot be adjusted. root@vigilante /root cuaa1# sysctl -a |grep secure kern.securelevel: 3 root@vigilante /root cuaa1# ipfw show 00100 0 0 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65535 44 3648 deny ip from any to any root@vigilante /root cuaa1# ping 216.136.204.21 PING 216.136.204.21 (216.136.204.21): 56 data bytes ping: sendto: Permission denied ping: sendto: Permission denied ^C --- 216.136.204.21 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss root@vigilante /root cuaa1# telnet 216.136.204.21 80 Trying 216.136.204.21... telnet: connect to address 216.136.204.21: Permission denied telnet: Unable to connect to remote host root@vigilante /root cuaa1# sysctl net.inet.ip.fw.enable=0 net.inet.ip.fw.enable: 1 -> 0 root@vigilante /root cuaa1# ping 216.136.204.21 PING 216.136.204.21 (216.136.204.21): 56 data bytes 64 bytes from 216.136.204.21: icmp_seq=0 ttl=50 time=338.878 ms 64 bytes from 216.136.204.21: icmp_seq=1 ttl=50 time=346.135 ms ^C --- 216.136.204.21 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 338.878/342.506/346.135/3.629 ms root@vigilante /root cuaa1# telnet 216.136.204.21 80 Trying 216.136.204.21... Connected to freefall.freebsd.org. Escape character is '^]'. quit <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>501 Method Not Implemented</TITLE> </HEAD><BODY> <H1>Method Not Implemented</H1> quit to /index.html not supported.<P> Invalid method in request quit / HTTP/1.1<P> </BODY></HTML> Connection closed by foreign host. Santos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ED06967.90306>