From owner-freebsd-ipfw Tue Jul 27 11:59:37 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from aurora.sol.net (aurora.sol.net [206.55.65.76]) by hub.freebsd.org (Postfix) with ESMTP id 9B2EC14BEE; Tue, 27 Jul 1999 11:59:26 -0700 (PDT) (envelope-from jgreco@aurora.sol.net) Received: (from jgreco@localhost) by aurora.sol.net (8.9.2/8.9.2/SNNS-1.02) id NAA09676; Tue, 27 Jul 1999 13:59:16 -0500 (CDT) From: Joe Greco Message-Id: <199907271859.NAA09676@aurora.sol.net> Subject: Re: securelevel and ipfw zero In-Reply-To: <199907271715.LAA25892@mt.sri.com> from Nate Williams at "Jul 27, 1999 11:15:11 am" To: nate@mt.sri.com (Nate Williams) Date: Tue, 27 Jul 1999 13:59:16 -0500 (CDT) Cc: julian@whistle.com, green@FreeBSD.ORG, dillon@apollo.backplane.com, jgreco@ns.sol.net, hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > I like the ability at secure level 3 to only reset the counters forward.. > > It fits in with such things as the "append only" flag. > > Then we'd have to implement per-rule counters that default to > IPFW_VERBOSE_LIMIT but that could be changed to anything. That's a very > different setup than what we currently have. > > (Another thing I just thought of is that this could cause DoS attacks on > the system if a user compromised root and then set the limit to a very > high number.) This is already possible via sysctl, the VERBOSE_LIMIT variable may be altered. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message