diff options
| author |   camield <camield@openbsd.org> | 2006-08-30 06:30:00 +0000 |
|---|---|---|
| committer | camield <camield@openbsd.org> | 2006-08-30 06:30:00 +0000 |
| commit | 2ec0924944a1d3f16146f083bd604dd224cdc88c (patch) | |
| tree | 181337bd23993c29131abacc26f055a7f9af07d5 | |
| parent | Remove useless logging, the logged event happens all the time, no need to (diff) | |
| download | wireguard-openbsd-2ec0924944a1d3f16146f083bd604dd224cdc88c.tar.xz wireguard-openbsd-2ec0924944a1d3f16146f083bd604dd224cdc88c.zip | |
document that ftp-proxy cannot function at a raised securelevel
ok jmc marco
| -rw-r--r-- | usr.sbin/ftp-proxy/ftp-proxy.8 | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.sbin/ftp-proxy/ftp-proxy.8 b/usr.sbin/ftp-proxy/ftp-proxy.8 index 1f4c2d12380..9c038b44c4b 100644 --- a/usr.sbin/ftp-proxy/ftp-proxy.8 +++ b/usr.sbin/ftp-proxy/ftp-proxy.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.4 2005/11/20 10:01:30 jmc Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.5 2006/08/30 06:30:00 camield Exp $ .\" .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl> .\" @@ -164,6 +164,14 @@ pass out proto tcp from $proxy to any port 21 keep state .Xr pf 4 , .Xr pf.conf 5 .Sh CAVEATS +.Xr pf 4 +does not allow the ruleset to be modified if the system is running at a +.Xr securelevel 7 +higher than 1. +At that level +.Nm ftp-proxy +cannot add rules to the anchors and FTP data connections may get blocked. +.Pp Negotiated data connection ports below 1024 are not allowed. .Pp The negotiated IP address for active modes is ignored for security |