From b46dfa405c6b6092bd78b83565c3d48be4a96fab Mon Sep 17 00:00:00 2001
From: Guy Helmer <ghelmer@FreeBSD.org>
Date: Wed, 16 Dec 1998 17:10:03 +0000
Subject: [PATCH] Mention affect of securelevel 3 and higher on attempts to
 change filter lists.

Prompted by:	PR docs/7785
---
 sbin/ipfw/ipfw.8 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 6875c94aaa2c..40fb58277062 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -511,6 +511,11 @@ ipfw flush
 .Ed
 .Pp
 in similar surroundings is also a bad idea.
+.Pp
+The IP filter list may not be modified if the system security level
+is set to 3 or higher (see
+.Xr init 8
+for information on system security levels).
 .Sh PACKET DIVERSION
 A divert socket bound to the specified port will receive all packets diverted
 to that port; see
@@ -551,6 +556,7 @@ This rule diverts all incoming packets from 192.168.2.0/24 to divert port 5000:
 .Xr ipfirewall 4 ,
 .Xr protocols 5 ,
 .Xr services 5 ,
+.Xr init 8 ,
 .Xr reboot 8 ,
 .Xr sysctl 8 ,
 .Xr syslogd 8