Securelevel doesn't let ipf read rules...
perikillo
perikillo at gmail.com
Mon Apr 4 09:06:44 PDT 2005
Hi all, I was testing my firewall with FreeBSD 4.11 Release and ipf in the
kernel. I have ppp set up to run every time I turn on the system. I was
using securelevel=2 in /etc/sysctl.conf:
kern.securelevel=2
and /etc/rc.conf
/etc/rc.conf:
kernel_securelevel=2
After I saw that my firewall was ready to start its job, I decided to change
the secure level to the paranoid level and changed the secure level to 3:
/etc/sysctl.conf:
kern.securelevel=3
/etc/rc.conf:
kernel_securelevel=3
When I restarted my computer and tried to access the internet from my other
computer, which uses Windows 2k, I saw that my browser didn't find anything.
I made some tests on it, but there was no access to the outside world. I went
back to my firewall and tested the connection:
test#ifconfig
This showed that I was connected. Then I tested with ping and fastest_cvsup;
none of them reached the outside world. After this I tested ipf:
test#ipfstat -hio
Oops, I don't have any rules on my firewall. Then I went to:
test# ee /var/log/console
I went to the end of the file and read my last boot-up messages, and saw that
when my system tried to read /etc/ipf.rules and /etc/ipmon.rules, the
secure level=3 in /etc/sysctl.conf didn't let ipf and ipnat load their rule
sets.
"Operation Not Permite" (something like this, mmmm, I don't remember the right
message :-\)
/etc/sysctl.conf goes before /etc/rc.conf. I was thinking that I could set
securelevel=1 in sysctl.conf and then in rc.conf, after ipf and ppp start,
set securelevel to 3, but my rc.conf doesn't do anything.
How can I reach securelevel=3 and run my firewall? I don't want to input
anything directly; I want that baby (FreeBSD) to do everything automatically.
Maybe I need to set up a script???
Or am I doing something wrong?
I read man init but don't see anything about this issue...
Thanks all for your comments.
NOTE: FreeBSD 4.11 Release, ipfilter compiled into the kernel. This machine
runs only my firewall, no servers; it is an old Pentium 100MHz. I try to write
my best English.