Darren Reed wrote:

> It has been suggested that IP Filter disallow changes to filter rules if
> securelevel is set to some level...(I think 3 was the suggestion).
> 
> However, before doing this, I want to poll people on whether they think
> three is appropriate, or should 10 be used (say) as a synonym for
> "firewall security level".

I think it's a bit odd to allow filter rule changes in multiuser (1)
and above.  If you're running a secure system, then changes which
affect system security should only be allowed in single-user, and
surely filter ruleset changes would fall into that category.

If you're running an insecure system, then securelevel should
be -1 anyway :-)
-- 
Ronald Khoo <ronald@demon.net> Voice: +44 181 371 1000 Fax: +44 181 371 1150
Politicians are like buses: you don't see any for ages, then comes the
general election and three turn up all at once -- local rag.