ipfirewall(4)) cannot be changed
Santos
sansan at cas.port995.com
Sat May 24 23:57:17 PDT 2003
root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
dummynet(4) configuration cannot be adjusted.
root@vigilante /root cuaa1# sysctl -a |grep secure
kern.securelevel: 3
root@vigilante /root cuaa1# ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65535 44 3648 deny ip from any to any
root@vigilante /root cuaa1# ping 216.136.204.21
PING 216.136.204.21 (216.136.204.21): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
^C
--- 216.136.204.21 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@vigilante /root cuaa1# telnet 216.136.204.21 80
Trying 216.136.204.21...
telnet: connect to address 216.136.204.21: Permission denied
telnet: Unable to connect to remote host
root@vigilante /root cuaa1# sysctl net.inet.ip.fw.enable=0
net.inet.ip.fw.enable: 1 -> 0
root@vigilante /root cuaa1# ping 216.136.204.21
PING 216.136.204.21 (216.136.204.21): 56 data bytes
64 bytes from 216.136.204.21: icmp_seq=0 ttl=50 time=338.878 ms
64 bytes from 216.136.204.21: icmp_seq=1 ttl=50 time=346.135 ms
^C
--- 216.136.204.21 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 338.878/342.506/346.135/3.629 ms
root@vigilante /root cuaa1# telnet 216.136.204.21 80
Trying 216.136.204.21...
Connected to freefall.freebsd.org.
Escape character is '^]'.
quit
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
quit to /index.html not supported.<P>
Invalid method in request quit / HTTP/1.1<P>
</BODY></HTML>
Connection closed by foreign host.
Santos
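
A check for the state the session above ends in, written as an added example and not part of the original post: it reads sysctl output and flags a securelevel of 3 or higher combined with net.inet.ip.fw.enable set to 0. The function names, return codes and sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl output for "network secure mode, firewall off".
# Input: "name: value" lines on stdin, the format printed by FreeBSD sysctl.
# Return codes (this script's own convention, not a system one):
#   0  ipfw is enabled, or securelevel is below 3
#   1  securelevel >= 3 but net.inet.ip.fw.enable is 0
#   2  one of the two values is missing from the input
audit_fw_state() {
    awk -F': ' '
        $1 == "kern.securelevel"      { level = $2; have_level = 1 }
        $1 == "net.inet.ip.fw.enable" { fw = $2;    have_fw = 1 }
        END {
            if (!have_level || !have_fw) exit 2
            if (level + 0 >= 3 && fw + 0 == 0) exit 1
            exit 0
        }'
}

# Turn the return code into a one-line finding for a cron mail or log.
report_fw_state() {
    rc=0
    audit_fw_state || rc=$?
    case "$rc" in
        0) echo "OK: ipfw enabled or securelevel below 3" ;;
        1) echo "ALERT: securelevel >= 3 but net.inet.ip.fw.enable=0" ;;
        *) echo "UNKNOWN: securelevel or fw.enable not present in input" ;;
    esac
    return "$rc"
}

# Constructed sample inputs mirroring the two states seen in the session.
SAMPLE_BEFORE='kern.securelevel: 3
net.inet.ip.fw.enable: 1'
SAMPLE_AFTER='kern.securelevel: 3
net.inet.ip.fw.enable: 0'
SAMPLE_PARTIAL='kern.securelevel: 3'

# Helper for offline runs: feed one of the samples to the audit.
check_sample() {
    printf '%s\n' "$1" | audit_fw_state
}

# Live use on a FreeBSD host:
#   sysctl kern.securelevel net.inet.ip.fw.enable | report_fw_state
```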