summaryrefslogtreecommitdiff
path: root/sys/net
diff options
context:
space:
mode:
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index d623a33e4d7..a8c16aa6f40 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.81 2001/06/27 22:41:25 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.82 2001/06/28 10:04:19 hugh Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -581,6 +581,23 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
if (!(flags & FWRITE))
return (EACCES);
+ if (securelevel > 1)
+ switch (cmd) {
+ case DIOCSTART:
+ case DIOCSTOP:
+ case DIOCBEGINRULES:
+ case DIOCADDRULE:
+ case DIOCCOMMITRULES:
+ case DIOCBEGINNATS:
+ case DIOCADDNAT:
+ case DIOCCOMMITNATS:
+ case DIOCBEGINRDRS:
+ case DIOCADDRDR:
+ case DIOCCOMMITRDRS:
+ case DIOCCLRSTATES:
+ return EPERM;
+ }
+
switch (cmd) {
case DIOCSTART: