K 10
svn:author
V 4
csjp
K 8
svn:date
V 27
2004-05-25T15:02:12.000000Z
K 7
svn:log
V 334
Add a super-user check to ipfw_ctl() to make sure that the calling
process is a non-prison root. The security.jail.allow_raw_sockets
sysctl variable is disabled by default, however if the user enables
raw sockets in prisons, prison-root should not be able to interact
with firewall rule sets.

Approved by:	rwatson, bmilekic (mentor)

END