From owner-freebsd-hackers Mon Jul 26 11:48:51 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id 5B3C714D3E; Mon, 26 Jul 1999 11:48:48 -0700 (PDT) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id LAA48202; Mon, 26 Jul 1999 11:47:20 -0700 (PDT) (envelope-from dillon)
Date: Mon, 26 Jul 1999 11:47:20 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199907261847.LAA48202@apollo.backplane.com>
To: Joe Greco
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: Re: securelevel and ipfw zero
References: <199907261816.NAA05470@aurora.sol.net>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:Hello,
:
:So, I've a box that I have an ipfw ruleset on. The firewall should not be
:changeable during runtime, and the box runs at securelevel=3.
:
:In order to prevent DoS disk-fill attacks, I also have specified
:IPFW_VERBOSE_LIMIT.
:
:Now, the problem is, in securelevel 3, you cannot zero a rule's counter,
:so basically once you are up and running, you get to log IPFW_VERBOSE_LIMIT
:events and then you lose logging (ideally I'd zero nonzero rules once every
:N minutes).
:
:Comments?
:
:... Joe
:
:-------------------------------------------------------------------------------
:Joe Greco - Systems Administrator                       jgreco@ns.sol.net

    Playing devil's advocate, someone might be using those counters for
    accounting purposes.  That's about as bad a scenario as I can think of,
    and I can't imagine this sort of situation would be prevalent.

    I'd say that the counters should be clearable at high secure level.

                                        -Matt
                                        Matthew Dillon
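The periodic "zero the rules whose counters are non-zero" job Joe describes, written out as an added example (this is not code from the thread, and neither Joe nor Matt posted a script). It assumes `ipfw -a list` prints each rule as `<rule> <pkts> <bytes> <action ...>`, which is an assumption about the output format; the sample output is constructed so the script runs offline. The `--live` path checks `kern.securelevel` first, since at securelevel 3 the kernel refuses the zero operation and the job would fail silently from cron otherwise.

```shell
#!/bin/sh
# Added example, not from the original thread. Re-arm ipfw logging after
# IPFW_VERBOSE_LIMIT has been hit by zeroing the counters of rules that
# have matched anything, the way Joe says he would like to do every N minutes.
#
# Assumption: `ipfw -a list` prints "<rule> <pkts> <bytes> <action ...>".

# Constructed sample of `ipfw -a list` output so the script runs offline.
SAMPLE_LIST='00100 17 2040 deny log ip from 10.0.0.0/8 to any in
00200 0 0 deny log ip from 172.16.0.0/12 to any in
00300 5 600 deny log ip from 192.168.0.0/16 to any in
65535 9823 1228345 allow ip from any to any'

# Print rule numbers (leading zeros stripped) whose packet counter is
# non-zero, skipping the default rule 65535, which we never want to touch.
nonzero_rules() {
    printf '%s\n' "$1" | awk '$2 > 0 && $1 != 65535 { printf "%d\n", $1 }'
}

# Turn that list into the corresponding `ipfw zero <rule>` commands.
# They are emitted rather than executed so the caller decides when to run
# them (and so this can be tested without a firewall present).
zero_commands() {
    for r in $(nonzero_rules "$1"); do
        printf 'ipfw zero %s\n' "$r"
    done
}

if [ "${1:-}" = "--live" ]; then
    # At securelevel 3 ipfw rules (and their counters) cannot be changed,
    # so bail out loudly instead of letting cron run a no-op every N minutes.
    if [ "$(sysctl -n kern.securelevel)" -ge 3 ]; then
        echo "kern.securelevel >= 3: ipfw counters cannot be zeroed" >&2
        exit 1
    fi
    zero_commands "$(ipfw -a list)" | sh
else
    # Dry run against the constructed sample: prints the commands that
    # would be issued (rules 100 and 300).
    zero_commands "$SAMPLE_LIST"
fi
```

Run from cron with `--live` on a box below securelevel 3; without the flag it only prints what it would do against the sample ruleset. Note that zeroing for this purpose also wipes the counters for anyone using them for accounting, which is exactly the trade-off Matt raises.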