summaryrefslogtreecommitdiff
path: root/sys/netinet
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_fil.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c
index 1de368d9bfe..6e90df072bb 100644
--- a/sys/netinet/ip_fil.c
+++ b/sys/netinet/ip_fil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_fil.c,v 1.14 1997/06/23 19:03:48 kstailey Exp $ */
+/* $OpenBSD: ip_fil.c,v 1.15 1997/12/03 01:25:32 kstailey Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
*
@@ -281,6 +281,33 @@ iplioctl(dev, cmd, data, mode
if (unit != 0)
return ENXIO;
+ if (securelevel > 1) {
+ switch (cmd) {
+#ifndef IPFILTER_LKM
+ case SIOCFRENB:
+#endif
+ case SIOCSETFF:
+ case SIOCADAFR:
+ case SIOCADIFR:
+ case SIOCINAFR:
+ case SIOCINIFR:
+ case SIOCRMAFR:
+ case SIOCRMIFR:
+ case SIOCZRLST:
+ case SIOCSWAPA:
+ case SIOCFRZST:
+ case SIOCIPFFL:
+#ifdef IPFILTER_LOG
+ case SIOCIPFFB:
+#endif
+ case SIOCADNAT:
+ case SIOCRMNAT:
+ case SIOCFLNAT:
+ case SIOCCNATL:
+ return EPERM;
+ }
+ }
+
SPLNET(s);
switch (cmd) {
case FIONREAD :
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-24 13:32:58 +0000