Secure levels (?)



  • One great thing of FreeBSD (and others) is secure levels. And a lot of manuals reports how they can be useful in conjunction with firewalls. However it seems that the pfsense GUI has nothing to activate them. I'm just curious if the rationale behind this is about the need for a reboot to lower a secure level or what.


  • Rebel Alliance Developer Netgate

    The bulk of the benefit for securelevels is protection from local users or programs. Technically pfSense is not considered a multi-user system in that way, though 2.0 is starting to blur that line a bit.

    Even for changing firewall rules that would be a major PITA to accommodate in the GUI because the firewall rules are changed dynamically all the time in circumstances where things change such as WAN IPs and the like.

    It would probably be a lot of work for very little practical benefit in the way we use FreeBSD with pfSense.


Log in to reply