
Re: initial pf-rules -> sysctl -> networking



Gerber Simon wrote:
> Han wrote:
> > In /etc/rc first the initial pf-rules are loaded and then the sysctls
> > are loaded and then networking is started.
> > It seems to be more logical to first load the sysctl, then load the
> > initial pf-rules and then networking is started.

> The practical reason for this is that if you're increasing your kernel
> security level from 1 (default) to 2 it becomes impossible to alter
> the pf rule file. So you have to load it before the sysctls modify the
> kernel security level.

Ehm no.

Much later on in /etc/rc this happens:

    [ -f /etc/rc.securelevel ] && . /etc/rc.securelevel
    if [ -n "$securelevel" ]; then
        echo -n 'Setting kernel security level: '
        sysctl -w kern.securelevel=$securelevel
    fi

So putting the securelevel in /etc/sysctl.conf _is_ possible, but I
wouldn't recommend it :)




# Han
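As an added illustration of the ordering point above (example code, not from this mail and not OpenBSD's own /etc/rc), the following POSIX shell check reports whether kern.securelevel is configured in a sysctl.conf-style file (key=value lines, where it would be applied during the sysctl step before networking) or in an rc.securelevel-style fragment (a shell assignment of securelevel, sourced much later in /etc/rc). The function names, the sample files it creates and their contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original mail or of OpenBSD's /etc/rc:
# report where kern.securelevel is configured. File paths are parameters so
# the functions can be run against constructed copies instead of the live
# /etc/sysctl.conf and /etc/rc.securelevel.

# Last kern.securelevel value in a sysctl.conf-style file (key=value lines,
# '#' comments). Prints nothing when the key is absent.
sysctl_conf_securelevel() {
    sed -n 's/^[[:space:]]*kern\.securelevel[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1
}

# Last securelevel= assignment in an rc.securelevel-style shell fragment.
rc_securelevel() {
    sed -n 's/^[[:space:]]*securelevel=\(-\{0,1\}[0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1
}

# Returns 0 when the level is set only via rc.securelevel (which /etc/rc
# sources much later, after pf rules, sysctls and networking), 1 when
# sysctl.conf sets it, which raises the level during the sysctl step,
# before networking is started.
check_securelevel_placement() {
    conf_level=$(sysctl_conf_securelevel "$1")
    rc_level=$(rc_securelevel "$2")
    if [ -n "$conf_level" ]; then
        echo "kern.securelevel=$conf_level in $1: set it in $2 instead"
        return 1
    fi
    if [ -n "$rc_level" ]; then
        echo "securelevel=$rc_level in $2 (applied late in /etc/rc)"
    else
        echo "securelevel left at the kernel default"
    fi
    return 0
}

# Constructed sample files (not real system configuration).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# constructed sysctl.conf with securelevel in the wrong place' \
    'net.inet.ip.forwarding=1' 'kern.securelevel=2' > "$SAMPLE_DIR/sysctl.conf.bad"
printf '%s\n' '# constructed sysctl.conf without securelevel' \
    'net.inet.ip.forwarding=1' > "$SAMPLE_DIR/sysctl.conf.good"
printf '%s\n' '# constructed rc.securelevel, sourced by /etc/rc before the level is raised' \
    'securelevel=2' > "$SAMPLE_DIR/rc.securelevel"

check_securelevel_placement "$SAMPLE_DIR/sysctl.conf.good" "$SAMPLE_DIR/rc.securelevel"
check_securelevel_placement "$SAMPLE_DIR/sysctl.conf.bad" "$SAMPLE_DIR/rc.securelevel" || :
```

Run against the real files with `check_securelevel_placement /etc/sysctl.conf /etc/rc.securelevel`; a non-zero exit means the level is being raised from sysctl.conf, the placement the mail advises against.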