Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 28 Jul 1999 12:12:28 -0700 (PDT)
From:      Doug <>
To:        "Brian F. Feldman" <>
Cc:        Nate Williams <>, Joe Greco <>,,
Subject:   Re: securelevel and ipfw zero
Message-ID:  <>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tue, 27 Jul 1999, Brian F. Feldman wrote:

> If it will get ALL of you to give it a rest, how about:
> 	per-rule logging limits

	This has been needed for some time now. Also, please don't forget
the oft-repeated request to have seperate accounting and logging counters
so that you can zero one, but not the other. 

> 	logging limit raising
> 	logging limit resetting

	I'd say that these are good knobs to have (I assume you're talking
sysctl's?) but I'd also like to suggest a knob that allows you to toggle
whether these can be changed at securelevel > 1, which knob is not
resettable at securelevel > 1. I think that this would answer the needs of
all parties concerned. 

> Which would all NOT affect the statistics?

	Oh good, you didn't forget. :)

> I am, yes, suggesting I will implement it.

	Coolio. And inre the request to hear from the users of the code, I
am one, have been for years, and deploy it in many different environments
(including natd, basic security, etc.). These would be very welcome
additions assuming that the performance hit is negligible. 


On account of being a democracy and run by the people, we are the only
nation in the world that has to keep a government four years, no matter
what it does.
                -- Will Rogers

To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>