[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipfilter and kern.securelevel

To: tech@openbsd.org
Subject: ipfilter and kern.securelevel
From: Matthew Patton <matthew.patton@ra.pae.osd.mil>
Date: Mon, 07 Dec 1998 15:30:15 -0500
Organization: Secretary of Defense, Program Analysis & Evaluation

I need a solution for a firewall (ipfilter) running with intelligent
inspection proxies. The ftp proxy isn't up to snuff yet but it does try
to add rules to the in-kernel list.

The problem is when the machine is at securelevel=2. Changing ipf/ipnat
rules is prohibited. Does it make sense to define a level of 3 that
locks these rules or exempt ipf from level 2 checks entirely?

I don't want to give up the benefits of filesystem immutable flags and
what not just to dynamically add/drop rules.

Prev by Date: 2.4/i386: root on acd0a?
Next by Date: Stripping off mail headers
Prev by thread: 2.4/i386: root on acd0a?
Next by thread: Stripping off mail headers
Index(es):
- Date
- Thread