Re: ipfirewall(4)) cannot be changed
From: Santos (sansan_at_cas.port995.com)
Date: 05/28/03
Date: Wed, 28 May 2003 17:05:50 +0100
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
Giorgos Keramidas wrote:
> Ah, that's fine. I don't have the time to test it now, but something
> similar to the following should do the trick. Sorry for not running
> this through a compile and a test run, but this is a very hectic day.
> Someone with enough time to run a full buildworld/buildkernel and fix
> any errors I have made should check that this fixes the problem and then
> notify the security officer. It looks like something that would be nice
> to have in STABLE *and* the security branches IMHO.
>
> <<<<<<<
> Index: ip_fw.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
> retrieving revision 1.131.2.39
> diff -u -r1.131.2.39 ip_fw.c
> --- ip_fw.c 20 Jan 2003 02:23:07 -0000 1.131.2.39
> +++ ip_fw.c 26 May 2003 07:50:05 -0000
> @@ -94,9 +94,25 @@
> MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
>
> #ifdef SYSCTL_NODE
> +
> +static int
> +sysctl_fw_enable(SYSCTL_HANDLER_ARGS)
> +{
> + int error, v;
> +
> + if (securelevel >= 3)
> + return (ENOPERM);
> +
> + error = sysctl_handle_int(oidp, oidp->oid_arg1, 0, req);
> + if (error || !req->newptr)
> + return (error);
> +
> + return (0);
> +}
> +
> SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
> -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, CTLFLAG_RW,
> - &fw_enable, 0, "Enable ipfw");
> +SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, CTLTYPE_INT|CTLFLAG_RW,
> + &fw_enable, 0, sysctl_fw_enable, "I", "Enable ipfw");
> SYSCTL_INT(_net_inet_ip_fw, OID_AUTO,one_pass,CTLFLAG_RW,
> &fw_one_pass, 0,
> "Only do a single pass through ipfw when using dummynet(4)");
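Review bot: In sysctl_fw_enable(), `return (ENOPERM);` names an errno that does not exist, so this will not compile; the constant is `EPERM`. The securelevel test also sits before the `!req->newptr` check, so at securelevel 3 or higher a plain read of net.inet.ip.fw.enable is refused as well as a write; checking `req->newptr` first and rejecting only when it is set would keep the value readable while still blocking changes. `int error, v;` declares `v` but never uses it. Only `enable` is converted to SYSCTL_PROC here: the `one_pass` SYSCTL_INT in the trailing context stays plain CTLFLAG_RW with no securelevel guard, and the diff touches ip_fw.c only.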
>
>
This doesn't fix the problem. Maybe this only fixes IPFW1 and not IPFW2
too?...
Santos
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"