Mention affect of securelevel 3 and higher on attempts to change filter lists.

Prompted by: PR docs/7785
author: ghelmer <ghelmer@FreeBSD.org> 1998-12-16 17:10:03 +0000
committer: ghelmer <ghelmer@FreeBSD.org> 1998-12-16 17:10:03 +0000
commit: fe4bef15792c5ebfba9e66816aa99753d93f49f2 (patch)
tree: f976fc0f2135fae6c521cc2a079ad40469190673 /sbin/ipfw
parent: fe04bf9dbabee83c45b05c3cfbc9a4cfd3fe7478 (diff)
download: FreeBSD-src-fe4bef15792c5ebfba9e66816aa99753d93f49f2.zip
FreeBSD-src-fe4bef15792c5ebfba9e66816aa99753d93f49f2.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 6875c94..40fb582 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -511,6 +511,11 @@ ipfw flush
 .Ed
 .Pp
 in similar surroundings is also a bad idea.
+.Pp
+The IP filter list may not be modified if the system security level
+is set to 3 or higher (see
+.Xr init 8
+for information on system security levels).
 .Sh PACKET DIVERSION
 A divert socket bound to the specified port will receive all packets diverted
 to that port; see
@@ -551,6 +556,7 @@ This rule diverts all incoming packets from 192.168.2.0/24 to divert port 5000:
 .Xr ipfirewall 4 ,
 .Xr protocols 5 ,
 .Xr services 5 ,
+.Xr init 8 ,
 .Xr reboot 8 ,
 .Xr sysctl 8 ,
 .Xr syslogd 8
author	ghelmer <ghelmer@FreeBSD.org>	1998-12-16 17:10:03 +0000
committer	ghelmer <ghelmer@FreeBSD.org>	1998-12-16 17:10:03 +0000
commit	fe4bef15792c5ebfba9e66816aa99753d93f49f2 (patch)
tree	f976fc0f2135fae6c521cc2a079ad40469190673 /sbin/ipfw
parent	fe04bf9dbabee83c45b05c3cfbc9a4cfd3fe7478 (diff)
download	FreeBSD-src-fe4bef15792c5ebfba9e66816aa99753d93f49f2.zip FreeBSD-src-fe4bef15792c5ebfba9e66816aa99753d93f49f2.tar.gz