Date: Tue, 27 Jul 1999 13:59:58 -0600 From: Nate Williams <nate@mt.sri.com> To: Joe Greco <jgreco@ns.sol.net> Cc: nate@mt.sri.com (Nate Williams), hackers@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: securelevel and ipfw zero Message-ID: <199907271959.NAA27155@mt.sri.com> In-Reply-To: <199907271956.OAA13811@aurora.sol.net> References: <199907271951.NAA27049@mt.sri.com> <199907271956.OAA13811@aurora.sol.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > Again, it's not a fix, it's a feature. Not being able to mess with > > > > counters (logging or otherwise) is a feature. It may be a feature that > > ^^^^^^^^^^^^^^^^^^^^ > > > > you can do without, but that decision is not to be made lightly. > > > > > > I'm _saying_ to create a completely separate counter which has nothing to > > > do with accounting. > > > > See above. > > I did see above. If the sole purpose of a counter is to turn _off_ a > feature to prevent DoS attacks, and it is clearly desirable that the > admin (or a representative entity such as a monitoring system) would > want to be able to re-enable the logging under those same terms at some > admin-specified interval, how exactly would you choose to implement this? What was originally intended and what it's used for now are two different things. I'd like to see people other than you, I, and Matt discussing this. Other people who use this feature of IPFW that have an opinion one way or the other should speak up. A group of two very opinionated people doesn't make a consensus, or necessarily the 'right' decision. :) :) :) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907271959.NAA27155>