Subject: Re: use of securelevel.
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 04/03/1997 14:25:08
Darren Reed wrote:
> It has been suggested that IP Filter disallow changes to filter rules if
> securelevel is set to some level...(I think 3 was the suggestion).
> However, before doing this, I want to poll people on whether they think
> three is appropriate, or should 10 be used (say) as a synonym for
> "firewall security level".
I think it's a bit odd to allow filter rule changes in multiuser (1)
and above. If you're running a secure system, then changes which
affect system security should only be allowed in single-user, and
surely filter ruleset changes would fall into that category.
If you're running an insecure system, then securelevel should
be -1 anyway :-)
Ronald Khoo <email@example.com> Voice: +44 181 371 1000 Fax: +44 181 371 1150
Politicians are like buses: you don't see any for ages, then comes the
general election and three turn up all at once -- local rag.