root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5 3 Network secure mode - same as highly secure mode, plus IP packet filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and dummynet(4) configuration cannot be adjusted. root@vigilante /root cuaa1# sysctl -a |grep secure kern.securelevel: 3 root@vigilante /root cuaa1# ipfw show 00100 0 0 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65535 44 3648 deny ip from any to any root@vigilante /root cuaa1# ping 216.136.204.21 PING 216.136.204.21 (216.136.204.21): 56 data bytes ping: sendto: Permission denied ping: sendto: Permission denied ^C --- 216.136.204.21 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss root@vigilante /root cuaa1# telnet 216.136.204.21 80 Trying 216.136.204.21... telnet: connect to address 216.136.204.21: Permission denied telnet: Unable to connect to remote host root@vigilante /root cuaa1# sysctl net.inet.ip.fw.enable=0 net.inet.ip.fw.enable: 1 -> 0 root@vigilante /root cuaa1# ping 216.136.204.21 PING 216.136.204.21 (216.136.204.21): 56 data bytes 64 bytes from 216.136.204.21: icmp_seq=0 ttl=50 time=338.878 ms 64 bytes from 216.136.204.21: icmp_seq=1 ttl=50 time=346.135 ms ^C --- 216.136.204.21 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 338.878/342.506/346.135/3.629 ms root@vigilante /root cuaa1# telnet 216.136.204.21 80 Trying 216.136.204.21... Connected to freefall.freebsd.org. Escape character is '^]'. quit <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>501 Method Not Implemented</TITLE> </HEAD><BODY> <H1>Method Not Implemented</H1> quit to /index.html not supported.<P> Invalid method in request quit / HTTP/1.1<P> </BODY></HTML> Connection closed by foreign host. Santos
On 2003-05-25 07:57, Santos wrote:> root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5 > > 3 Network secure mode - same as highly secure mode, plus IP packet > filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and > dummynet(4) configuration cannot be adjusted. > > root@vigilante /root cuaa1# sysctl -a |grep secure > kern.securelevel: 3 > [...] > root@vigilante /root cuaa1# sysctl net.inet.ip.fw.enable=0 > net.inet.ip.fw.enable: 1 -> 0 > > root@vigilante /root cuaa1# ping 216.136.204.21 > PING 216.136.204.21 (216.136.204.21): 56 data bytes > 64 bytes from 216.136.204.21: icmp_seq=0 ttl=50 time=338.878 ms > ^CTry this patch. Unless of course, you're not using IPFW version 1, in which case someone more knowledgeable will hopefully correct me :) <<<<<<< Index: ip_fw.c ==================================================================RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v retrieving revision 1.192 diff -u -r1.192 ip_fw.c --- sys/netinet/ip_fw.c 19 Feb 2003 05:47:33 -0000 1.192 +++ sys/netinet/ip_fw.c 25 May 2003 20:46:37 -0000 @@ -95,7 +95,7 @@ #ifdef SYSCTL_NODE SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, CTLFLAG_RW|CTLFLAG_SECURE3, &fw_enable, 0, "Enable ipfw"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO,one_pass,CTLFLAG_RW, &fw_one_pass, 0,>>>>>>>- Giorgos
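Review bot: The `one_pass` declaration on the context line directly after the change is still plain `CTLFLAG_RW`, so it stays writable at securelevel 3 even once `enable` is locked. If that knob changes how packets continue through the ruleset (inferred from its name and the dummynet wording in the quoted init(8) text), it should carry the same flag: `SYSCTL_INT(_net_inet_ip_fw, OID_AUTO,one_pass,CTLFLAG_RW|CTLFLAG_SECURE3,`. The `#ifdef SYSCTL_NODE` block runs past the end of the hunk, so any other writable entries under `_net_inet_ip_fw` that are not visible here need the same audit. A one-line comment above the `enable` entry would record the intent, for example `/* not writable at securelevel >= 3: the filter must not be switched off */`. After rebuilding, repeat the `sysctl net.inet.ip.fw.enable=0` step from the report at `kern.securelevel: 3` and confirm the write is refused.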