Date: Mon, 13 Jan 2003 00:19:54 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Pawel Jakub Dawidek <nick@garage.freebsd.pl> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c Message-ID: <200301130819.h0D8JsJc001902@apollo.backplane.com> References: <200301120331.h0C3VA2H040455@repoman.freebsd.org> <20030113075934.GE9430@garage.freebsd.pl> <200301130807.h0D87urr001783@apollo.backplane.com> <20030113081749.GF9430@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
:Exactly, but:
:
:SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, CTLFLAG_RW,
: &fw_enable, 0, "Enable ipfw");
:
:So where are adequate checks?
:I haven't check, but it looks like we can manipulate net.inet.ip.fw.enable
:even if securelevel >=3D 3. Am I wrong?
:
:--=20
:Pawel Jakub Dawidek
:UNIX Systems Administrator
You are looking at the old ipfw code. Look at the sysctl's in
ip_fw2.c instead. Either way it is not really relevant to my
commit, I didn't make any changes to the IPFW kernel code, only
to the userland program.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301130819.h0D8JsJc001902>