Bug 27615

Summary: ipf restricts rule-changing at securelevel 2
Product: Base System
Reporter: andria <andria>
Component: kern
Assignee: Darern Reed <darrenr>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.3-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description   Flags
file.diff     none
pr27615.new   none

Description andria 2001-05-24 15:00:01 UTC
According to the 'init' manpage, running at securelevel 2 should still
allow the flushing/changing of ipf/ipnat rules.  This is true for ipfw,
but is not true for ipf.

Fix: There are only two references to securelevel in the ip-filter code.
They should be changed from 'securelevel >= 2' to 'securelevel >= 3'.

How-To-Repeat: Run a firewall at securelevel 2 and try to flush/change your ipf or
ipnat rules.
Comment 1 dwmalone freebsd_committer freebsd_triage 2001-05-24 15:24:09 UTC
Responsible Changed
From-To: freebsd-bugs->darrenr

Darren is the ipf man.
Comment 2 adrian 2001-10-08 02:58:55 UTC
Hi folks,

	These patches seemed to have expanded tabs in them which made them
fail to apply cleanly.  Attached are ones that work relative to
4.4-RELEASE.  ipfilter does indeed mark its rules immutable at level 2,
whereas ipfw does the same thing at level 3.  Both firewall technologies
ought to be consistent.

	Adrian
--
[ adrian@ubergeeks.com ]
Comment 3 Darern Reed freebsd_committer freebsd_triage 2002-02-04 14:31:24 UTC
State Changed
From-To: open->closed

patch added to -current and -stable