Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Jul 1999 13:59:58 -0600
From:      Nate Williams <nate@mt.sri.com>
To:        Joe Greco <jgreco@ns.sol.net>
Cc:        nate@mt.sri.com (Nate Williams), hackers@freebsd.org, freebsd-ipfw@freebsd.org
Subject:   Re: securelevel and ipfw zero
Message-ID:  <199907271959.NAA27155@mt.sri.com>
In-Reply-To: <199907271956.OAA13811@aurora.sol.net>
References:  <199907271951.NAA27049@mt.sri.com> <199907271956.OAA13811@aurora.sol.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> > > > Again, it's not a fix, it's a feature.  Not being able to mess with
> > > > counters (logging or otherwise) is a feature.  It may be a feature that
> >               ^^^^^^^^^^^^^^^^^^^^
> > > > you can do without, but that decision is not to be made lightly.
> > > 
> > > I'm _saying_ to create a completely separate counter which has nothing to
> > > do with accounting.
> > 
> > See above.
> 
> I did see above.  If the sole purpose of a counter is to turn _off_ a
> feature to prevent DoS attacks, and it is clearly desirable that the
> admin (or a representative entity such as a monitoring system) would
> want to be able to re-enable the logging under those same terms at some
> admin-specified interval, how exactly would you choose to implement this?

What was originally intended and what it's used for now are two
different things.

I'd like to see people other than you, I, and Matt discussing this.
Other people who use this feature of IPFW that have an opinion one way
or the other should speak up.

A group of two very opinionated people doesn't make a consensus, or
necessarily the 'right' decision. :) :) :)



Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199907271959.NAA27155>