diff options
author | ghelmer <ghelmer@FreeBSD.org> | 1998-12-16 17:10:03 +0000 |
---|---|---|
committer | ghelmer <ghelmer@FreeBSD.org> | 1998-12-16 17:10:03 +0000 |
commit | fe4bef15792c5ebfba9e66816aa99753d93f49f2 (patch) | |
tree | f976fc0f2135fae6c521cc2a079ad40469190673 /sbin | |
parent | fe04bf9dbabee83c45b05c3cfbc9a4cfd3fe7478 (diff) | |
download | FreeBSD-src-fe4bef15792c5ebfba9e66816aa99753d93f49f2.zip FreeBSD-src-fe4bef15792c5ebfba9e66816aa99753d93f49f2.tar.gz |
Mention affect of securelevel 3 and higher on attempts to change filter lists.
Prompted by: PR docs/7785
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 6875c94..40fb582 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -511,6 +511,11 @@ ipfw flush .Ed .Pp in similar surroundings is also a bad idea. +.Pp +The IP filter list may not be modified if the system security level +is set to 3 or higher (see +.Xr init 8 +for information on system security levels). .Sh PACKET DIVERSION A divert socket bound to the specified port will receive all packets diverted to that port; see @@ -551,6 +556,7 @@ This rule diverts all incoming packets from 192.168.2.0/24 to divert port 5000: .Xr ipfirewall 4 , .Xr protocols 5 , .Xr services 5 , +.Xr init 8 , .Xr reboot 8 , .Xr sysctl 8 , .Xr syslogd 8 |