document that ftp-proxy cannot function at a raised securelevel

ok jmc marco
author: camield <camield@openbsd.org> 2006-08-30 06:30:00 +0000
committer: camield <camield@openbsd.org> 2006-08-30 06:30:00 +0000
commit: 2ec0924944a1d3f16146f083bd604dd224cdc88c (patch)
tree: 181337bd23993c29131abacc26f055a7f9af07d5 /usr.sbin/ftp-proxy
parent: Remove useless logging, the logged event happens all the time, no need to (diff)
download: wireguard-openbsd-2ec0924944a1d3f16146f083bd604dd224cdc88c.tar.xz
wireguard-openbsd-2ec0924944a1d3f16146f083bd604dd224cdc88c.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.sbin/ftp-proxy/ftp-proxy.8 b/usr.sbin/ftp-proxy/ftp-proxy.8
index 1f4c2d12380..9c038b44c4b 100644
--- a/usr.sbin/ftp-proxy/ftp-proxy.8
+++ b/usr.sbin/ftp-proxy/ftp-proxy.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ftp-proxy.8,v 1.4 2005/11/20 10:01:30 jmc Exp $
+.\"	$OpenBSD: ftp-proxy.8,v 1.5 2006/08/30 06:30:00 camield Exp $
 .\"
 .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
 .\"
@@ -164,6 +164,14 @@ pass out proto tcp from $proxy to any port 21 keep state
 .Xr pf 4 ,
 .Xr pf.conf 5
 .Sh CAVEATS
+.Xr pf 4
+does not allow the ruleset to be modified if the system is running at a
+.Xr securelevel 7
+higher than 1.
+At that level
+.Nm ftp-proxy
+cannot add rules to the anchors and FTP data connections may get blocked.
+.Pp
 Negotiated data connection ports below 1024 are not allowed.
 .Pp
 The negotiated IP address for active modes is ignored for security
author	camield <camield@openbsd.org>	2006-08-30 06:30:00 +0000
committer	camield <camield@openbsd.org>	2006-08-30 06:30:00 +0000
commit	2ec0924944a1d3f16146f083bd604dd224cdc88c (patch)
tree	181337bd23993c29131abacc26f055a7f9af07d5 /usr.sbin/ftp-proxy
parent	Remove useless logging, the logged event happens all the time, no need to (diff)
download	wireguard-openbsd-2ec0924944a1d3f16146f083bd604dd224cdc88c.tar.xz wireguard-openbsd-2ec0924944a1d3f16146f083bd604dd224cdc88c.zip