-rw-r--r-- | sys/netinet/ip_fw.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index b0ce1c5..fbbaa9e 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -1817,11 +1817,11 @@ ip_fw_ctl(struct sockopt *sopt)
 struct ip_fw frwl, *bp , *buf;
 /*
- * Disallow sets in really-really secure mode, but still allow
+ * Disallow modifications in really-really secure mode, but still allow
 * the logging counters to be reset.
 */
- if (sopt->sopt_dir == SOPT_SET && securelevel >= 3 &&
- sopt->sopt_name != IP_FW_RESETLOG)
+ if (securelevel >= 3 && (sopt->sopt_name == IP_FW_ADD ||
+ (sopt->sopt_dir == SOPT_SET && sopt->sopt_name != IP_FW_RESETLOG)))
 return (EPERM);
 error = 0; |
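Review bot: The securelevel gate in ip_fw_ctl is still a deny-list. It rejects `IP_FW_ADD` by name plus anything in the `SOPT_SET` direction, so any other option that changes firewall state without arriving as `SOPT_SET` would pass at `securelevel >= 3`. The rest of ip_fw_ctl, where the option names are dispatched, lies outside this hunk, so whether such an option exists cannot be confirmed from here. The updated comment also does not say why `IP_FW_ADD` needs its own test. Presumably it is not issued as `SOPT_SET`; if so, add a line such as `* IP_FW_ADD is matched by name because it changes the ruleset but is not a SOPT_SET request.` Inverting the test, so that only the known read-only options and `IP_FW_RESETLOG` are permitted at this securelevel, would make a newly added mutating option fail closed instead of open.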