summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_fw2.c
diff options
context:
space:
mode:
authordillon <dillon@FreeBSD.org>2003-01-14 19:35:33 +0000
committerdillon <dillon@FreeBSD.org>2003-01-14 19:35:33 +0000
commitdab80127c869f0186bdcd377800f26d02493275c (patch)
treeb91be0792326f5fadb2ec44cf34f67e8496fa337 /sys/netinet/ip_fw2.c
parent0a61e145e988f4a47d8edac3564be348eade25b1 (diff)
downloadFreeBSD-src-dab80127c869f0186bdcd377800f26d02493275c.zip
FreeBSD-src-dab80127c869f0186bdcd377800f26d02493275c.tar.gz
Introduce the ability to flag a sysctl for operation at secure level 2 or 3
in addition to secure level 1. The mask supports up to a secure level of 8 but only add defines through CTLFLAG_SECURE3 for now. As per the missif in the log entry for 1.11 of ip_fw2.c which added the secure flag to the IPFW sysctl's in the first place, change the secure level requirement from 1 to 3 now that we have support for it. Reviewed by: imp With Design Suggestions by: imp
Diffstat (limited to 'sys/netinet/ip_fw2.c')
-rw-r--r--sys/netinet/ip_fw2.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 5715587..6759bd0 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -112,18 +112,18 @@ static int autoinc_step = 100; /* bounded to 1..1000 in add_rule() */
#ifdef SYSCTL_NODE
SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable,
- CTLFLAG_RW | CTLFLAG_SECURE,
+ CTLFLAG_RW | CTLFLAG_SECURE3,
&fw_enable, 0, "Enable ipfw");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_RW,
&autoinc_step, 0, "Rule number autincrement step");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass,
- CTLFLAG_RW | CTLFLAG_SECURE,
+ CTLFLAG_RW | CTLFLAG_SECURE3,
&fw_one_pass, 0,
"Only do a single pass through ipfw when using dummynet(4)");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW,
&fw_debug, 0, "Enable printing of debug ip_fw statements");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose,
- CTLFLAG_RW | CTLFLAG_SECURE,
+ CTLFLAG_RW | CTLFLAG_SECURE3,
&fw_verbose, 0, "Log matches to ipfw rules");
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW,
&verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");
OpenPOWER on IntegriCloud