I was busy getting myself into firewalling, and I thought this might be a
useful patch:
>>>>>>>>>>>>>>>
--- ip_sockglue.c.ori Mon Feb 26 12:27:50 1996
+++ ip_sockglue.c Mon Feb 26 12:28:00 1996
@@ -387,7 +387,7 @@
case IP_FW_POLICY_IN:
case IP_FW_POLICY_OUT:
case IP_FW_POLICY_FWD:
- if(!suser())
+ if(!suser() || securelevel > 0)
return -EPERM;
if(optlen>sizeof(tmp_fw) || optlen<1)
return -EINVAL;
<<<<<<<<<<<<<<<
This effectively freezes your firewall configuration after boot, so the bad
guys can't open your net even if they manage to hack into your firewall machine.
Comments?
Regards
Cees
-- Cees de Groot <C.deGroot@inter.NL.net> OpenLink Software, Inc.