secure level 2 unable to modify pf rules

Andrew Konstantinov andrei at kableu.com
Thu Jan 20 19:32:03 PST 2005


Hello,

The manual page for securelevel says that secure level 3 provides the same
functionality as secure level 2 plus the protection of pf/ipf/ipfw against
modification. Since pf/ipf/ipfw protection is an addition, I assume that it
should not be present with secure level 2. For some reason that's not the
reality.

gater# id
uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)
gater# uname -rs
FreeBSD 5.3-RELEASE-p5
gater# sysctl kern.securelevel
kern.securelevel: 2
gater# pfctl -F all
pfctl: pfctl_clear_rules: Operation not permitted
gater#

Is there a bug in the documentation or in the implementation of secure level?
Or perhaps, did I misinterpret something?

Thanks in advance,
Andrew