Date: Mon, 13 Jan 2003 22:31:27 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Cc: Matthew Dillon <dillon@apollo.backplane.com>, <cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org>
Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c
Message-ID: <20030113222917.C12128-100000@gamplex.bde.org>
In-Reply-To: <20030113082610.GH9430@garage.freebsd.pl>

On Mon, 13 Jan 2003, Pawel Jakub Dawidek wrote:
> On Mon, Jan 13, 2003 at 12:19:54AM -0800, Matthew Dillon wrote:
> +> You are looking at the old ipfw code. Look at the sysctl's in
> +> ip_fw2.c instead. Either way it is not really relevant to my
> +> commit, I didn't make any changes to the IPFW kernel code, only
> +> to the userland program.
>
> Sorry. But IMHO in ip_fw2.c this sysctl works badly as well.
> CTLFLAG_SECURE prevents changing the sysctl when securelevel >= 0
> and this prevention should be only when >= 3.
>
> But sysctl definition in ip_fw.c is bad, right? If yes, maybe some PR
> should be sent?

This is noted in the log message:

% RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
% Working file: ip_fw2.c
% head: 1.22
% ...
% ----------------------------
% revision 1.11
% date: 2002/08/25 03:50:17; author: cjc; state: Exp; lines: +6 -3
% Lock the sysctl(8) knobs that turn ip{,6}fw(8) firewalling and
% firewall logging on and off when at elevated securelevel(8). It would
% be nice to be able to only lock these at securelevel >= 3, like rules
% are, but there is no such functionality at present. I don't see reason
% to be adding features to securelevel(8) with MAC being merged into 5.0.
%
% PR: kern/39396
% Reviewed by: luigi
% MFC after: 1 week
% ----------------------------

Bruce
