Bug 22012

Summary: Secure level 2 in kernel prevents read access to ipnat information
Product: Base System
Reporter: ahd <ahd>
Component: kern
Assignee: Darern Reed <darrenr>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1-RELEASE   
Hardware: Any   
OS: Any   

Description ahd 2000-10-16 01:40:01 UTC
	Raising secure level of the kernel to 2 prevents even read only access to the
	IPNAT maps.

Fix: 

Workaround: Disable raising kernel security level.
How-To-Repeat: 
   sonata,134# sysctl -a | grep secure
   kern.securelevel: -1

   sonata,136# ipnat -l
   List of active MAP/Redirect filters:
   map ep0 192.168.200.0/22  -> 0.0.0.0/32  proxy port ftp ftp/tcp
   map ep0 192.168.200.0/22  -> 0.0.0.0/32  proxy port 7070 raudio/tcp
   map ep0 192.168.200.0/22  -> 0.0.0.0/32  portmap tcp/udp 20000:21999

   List of active sessions:

   sonata,137# sysctl -w kern.securelevel=2
   kern.securelevel: -1 -> 2

   sonata,138# ipnat -l
   ioctl(SIOCGNATS): Operation not permitted

Comment 1 Darern Reed freebsd_committer freebsd_triage 2001-02-21 21:31:43 UTC
Responsible Changed
From-To: freebsd-bugs->darrenr

darrenr is responsible for ipfilter

Comment 2 Darern Reed freebsd_committer freebsd_triage 2001-10-20 04:52:19 UTC
State Changed
From-To: open->feedback

this is being worked on

Comment 3 Darern Reed freebsd_committer freebsd_triage 2002-03-26 10:11:13 UTC
State Changed
From-To: feedback->closed

this has been fixed in -current