ipfilter and kern.securelevel
I need a solution for a firewall (ipfilter) running with intelligent
inspection proxies. The ftp proxy isn't up to snuff yet but it does try
to add rules to the in-kernel list.
The problem is when the machine is at securelevel=2. Changing ipf/ipnat
rules is prohibited. Does it make sense to define a level of 3 that
locks these rules, or to exempt ipf from level 2 checks entirely?
I don't want to give up the benefits of filesystem immutable flags and
whatnot just to dynamically add/drop rules.