Date:      Tue, 5 Apr 2005 07:51:01 -0700
From:      perikillo <perikillo@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   (Solve)Re: Securelevel dont let ipf read rules...
Message-ID:  <51d7a51605040507515405df70@mail.gmail.com>
In-Reply-To: <51d7a516050404090660bb68ed@mail.gmail.com>
References:  <51d7a516050404090660bb68ed@mail.gmail.com>

One big mistake on my part. As you can see below, I was having problems with
secure level and ipf, but the problem was this:

My old /etc/rc.conf was:
kernel_securelevel=3

But after checking man rc.conf again, it is
kern_securelevel

This way rc.conf doesn't let FreeBSD set that variable. Now I can run ipf with
the secure level 3, thanks to all.

On Apr 4, 2005 9:06 AM, perikillo <perikillo@gmail.com> wrote:
>
> Hi all, I was testing my firewall with FreeBSD 4.11 Release and ipf in
> the kernel. I have ppp set up to run every time I turn on the system. I
> was using securelevel=2 in /etc/sysctl.conf
> kern.securelevel=2
> and /etc/rc.conf
> /etc/rc.conf:
> kernel_securelevel=2
>
> After I saw that my firewall was ready to start its job, I decided to
> change the secure level to paranoid level and change the secure level to 3:
> /etc/sysctl.conf:
> kern.securelevel=3
> /etc/rc.conf:
> kernel_securelevel=3
>
> When I restarted my computer and tried to access the internet from my other
> computer, which uses Windows 2k, I saw that my browser didn't find
> anything. I made some tests on it, but there was no access to the outside
> world. I went back to my firewall and tested the connection:
>
> test#ifconfig
>
> This showed that I was connected. Then I tested with ping and fastest_cvsup;
> none of them reached the outside world. After this I tested ipf:
>
> test#ipfstat -hio
> upsssssssssssssss, I don't have any rules on my firewall. Then I went to:
>
> test# ee /var/log/console
>
> I went to the end of the file and read my last boot-up messages and saw
> that when my system tried to read /etc/ipf.rules and /etc/ipmon.rules, the
> system secure level=3 in /etc/sysctl.conf didn't let ipf and ipnat load
> their rule sets.
> "Operation Not Permite" (something like this, mmmm, I don't remember the
> right message :-\)
>
> /etc/sysctl.conf goes before /etc/rc.conf. I was thinking that I could set
> securelevel=1 in sysctl.conf and then in rc.conf, after ipf and ppp start,
> set securelevel to 3, but my rc.conf doesn't do anything.
>
> How can I reach securelevel=3 and run my firewall? I don't want to input
> anything directly; I want that baby (FreeBSD) to do everything
> automatically. Maybe I need to set up a script???
>
> Or am I doing something wrong?
>
> I read man init but don't see anything about this issue...
>
> Thanks all for your comments.
> NOTE: FreeBSD 4.11 Release, ipfilter compiled into the kernel. This machine
> runs only my firewall, no servers; it is an old Pentium 100MHz. I try to
> write my best English.
>
>
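
The mistake described in this thread, as an added example that is not part of the original e-mail: an sh check over copies of rc.conf and sysctl.conf that flags the kernel_securelevel misspelling and a kern.securelevel of 3 or more in sysctl.conf, which per the message is applied before ipf loads its rules. The kern_securelevel_enable check is an assumption taken from rc.conf(5), not from the message; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original message): lint securelevel settings.
# Usage: check_securelevel RC_CONF SYSCTL_CONF  -> prints one finding per line.
check_securelevel() {
    rc=$1; sc=$2
    # The misspelling from the message: the rc.conf variable is kern_securelevel.
    if grep -Eq '^[[:space:]]*kernel_securelevel=' "$rc"; then
        echo "MISNAMED: rc.conf sets kernel_securelevel; the variable is kern_securelevel"
    fi
    # Assumption from rc.conf(5): kern_securelevel is only applied when
    # kern_securelevel_enable is YES.
    if grep -Eq '^[[:space:]]*kern_securelevel=' "$rc" &&
       ! grep -Eiq '^[[:space:]]*kern_securelevel_enable="?YES"?' "$rc"; then
        echo "DISABLED: kern_securelevel is set without kern_securelevel_enable=\"YES\""
    fi
    # Per the message, sysctl.conf is applied before ipf/ipnat load their
    # rules, and level 3 then refuses the load. The level can only be raised,
    # so the highest value in the file is the one that matters.
    lvl=$(sed -n 's/^[[:space:]]*kern\.securelevel=\(-\{0,1\}[0-9]\{1,\}\).*/\1/p' "$sc" |
          sort -n | tail -n 1)
    if [ -n "$lvl" ] && [ "$lvl" -ge 3 ]; then
        echo "EARLY: sysctl.conf raises kern.securelevel to $lvl before firewall rules load"
    fi
    return 0
}

# Constructed sample files reproducing the configuration quoted in the message.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'ipfilter_enable="YES"\nkernel_securelevel=3\n' > "$tmp/rc.conf"
    printf 'kern.securelevel=3\n' > "$tmp/sysctl.conf"
    check_securelevel "$tmp/rc.conf" "$tmp/sysctl.conf"
    rm -rf "$tmp"
}
demo
```

On the sample files this reports MISNAMED and EARLY, the two conditions the thread describes.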