Date: Fri, 1 Sep 2000 07:20:47 -0400 (EDT) From: Brian Fundakowski Feldman <green@FreeBSD.org> To: James Wyatt <jwyatt@rwsystems.net> Cc: Will Andrews <will@physics.purdue.edu>, "R.Sharma" <rsharma@apsara.barc.ernet.in>, freebsd-security@FreeBSD.ORG Subject: Re: How to clear IPFW counters Message-ID: <Pine.BSF.4.21.0009010716290.27710-100000@green.dyndns.org> In-Reply-To: <Pine.BSF.4.10.10009010115090.39906-100000@bsdie.rwsystems.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 1 Sep 2000, James Wyatt wrote: > > > You are SOL. > > > > Unless what you want to do is reset the logging counters. That's a > > nice thing to be able to do :) > > Unless those logging counters are what you use to track (cross-check, > really) hacking attempts. Then, you want them left alone so the Wiley > Hacker(tm) doesn't reset them. Contrived, I guess, but reasonable. - Jy@ There are several kinds of counters. One is the "packet matching" counter, and another is the "bytes matching" counter. The one I added recently was the "virtual logging counter", which has the sole purpose of controlling the output of log messages for matched packets. I made the decision that it wouldn't be any kind of loss of security to allow this counter to be reset (it can only be used to turn back on logging which was disabled by having matched "logamount" number of times). -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009010716290.27710-100000>