On Mon, 3 Jul 2006, c.s.r.c.murthy wrote:
> We have configured a firewall with pf on openbsd-3.9. It is found that 
> ftp-proxy is unable to operate when system is put in secure level 2. 
> This is due to the fact that ftp-proxy can't add/delete rules in pf in 
> secure level 2. But for security reasons we would like to have the 
> system running in secure level 2. Is there a soultion to have the 
> ftp-proxy working in secure level 2?

I don't think so.  Securelevel 2 makes sure that userland can no longer 
modify pf rules.  ftp-proxy is a userland program that modifies pf 
rules... both work that way by design.  Those are clearly opposites 
so it's not something that can be fixed, short of changing the design.

I'll add this to the CAVEATS section of the ftp-proxy manpage.

--
Cam
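
The conflict described in this thread can be detected before the securelevel is raised. The check below is an added example, not part of the original messages or of OpenBSD itself; it assumes ftp-proxy is hooked into pf.conf through "ftp-proxy/*" anchors and that `sysctl -n kern.securelevel` reports the current level.

```shell
#!/bin/sh
# Added example: preflight check for the securelevel / ftp-proxy conflict.
# Assumption: ftp-proxy is wired into pf.conf through "ftp-proxy/*" anchors.

# Succeeds (0) if the ruleset in file $1 references an ftp-proxy anchor
# (anchor, nat-anchor or rdr-anchor).
uses_ftp_proxy_anchor() {
    # Drop comments first so a commented-out anchor line does not count.
    sed 's/#.*//' "$1" | grep -Eq 'anchor[[:space:]]+"?ftp-proxy'
}

# check_conflict SECURELEVEL PF_CONF
# Returns 0 if the combination can work, 1 if ftp-proxy will be unable to
# add or delete its rules, 2 on bad input.
check_conflict() {
    level=$1
    conf=$2
    case $level in
        -1|[0-9]) ;;
        *) echo "invalid securelevel: $level" >&2; return 2 ;;
    esac
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # At securelevel 2 userland can no longer modify pf rules, which is
    # exactly what ftp-proxy needs to do for every FTP session.
    if [ "$level" -ge 2 ] && uses_ftp_proxy_anchor "$conf"; then
        echo "conflict: securelevel $level blocks pf rule changes," \
             "but $conf relies on ftp-proxy anchors" >&2
        return 1
    fi
    return 0
}

# When run with a pf.conf path as its only argument, check the live system.
if [ $# -eq 1 ]; then
    check_conflict "$(sysctl -n kern.securelevel)" "$1"
    exit $?
fi
```

Pass the securelevel you intend to run at, rather than the current one, to test a planned change: `check_conflict 2 /etc/pf.conf`.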
