From owner-freebsd-ipfw Wed Jul 28 12:38:54 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from ns.mt.sri.com (ns.mt.sri.com [206.127.79.91]) by hub.freebsd.org (Postfix) with ESMTP id 08E9114FEE; Wed, 28 Jul 1999 12:38:44 -0700 (PDT) (envelope-from nate@mt.sri.com) Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id NAA04448; Wed, 28 Jul 1999 13:37:18 -0600 (MDT) (envelope-from nate@rocky.mt.sri.com) Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id NAA02547; Wed, 28 Jul 1999 13:37:17 -0600 Date: Wed, 28 Jul 1999 13:37:17 -0600 Message-Id: <199907281937.NAA02547@mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: "Brian F. Feldman" Cc: Nate Williams , Joe Greco , hackers@FreeBSD.org, freebsd-ipfw@FreeBSD.org Subject: Re: securelevel and ipfw zero In-Reply-To: References: <199907281539.JAA01265@mt.sri.com> X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > > > Implementing it is the easy part, making sure it's the right thing to do > > > > is the hard part. > > > > > > Well, the easy part is done, except for raising limits. Look: > > > ipfw: 1 Deny ICMP:8.0 127.0.0.1 127.0.0.1 out via lo0 > > > ipfw: 1 Deny ICMP:8.0 127.0.0.1 127.0.0.1 out via lo0 > > > ipfw: limit 2 reached on rule #1 > > > ipfw: Entry 1 logging count reset. > > > ipfw: 1 Deny ICMP:8.0 127.0.0.1 127.0.0.1 out via lo0 > > > ipfw: 1 Deny ICMP:8.0 127.0.0.1 127.0.0.1 out via lo0 > > > ipfw: limit 2 reached on rule #1 > > > > > > Nice? :) > > > > Depends on how it effects the speed of the system and if it makes the > > code too complex. :) > > None and no. Beauty is in the eye of the beholder. Let's suspend judgement on it until we actually get a chance to review it, pride in your work not withstanding. :) :) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message