From owner-freebsd-hackers  Mon Jul 26 20:43: 0 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
	by hub.freebsd.org (Postfix) with ESMTP
	id E99EB151CC; Mon, 26 Jul 1999 20:42:56 -0700 (PDT)
	(envelope-from julian@whistle.com)
Received: from current1.whistle.com (current1.whistle.com [207.76.205.22])
	by alpo.whistle.com (8.9.1a/8.9.1) with SMTP id UAA82669;
	Mon, 26 Jul 1999 20:42:21 -0700 (PDT)
Date: Mon, 26 Jul 1999 20:42:20 -0700 (PDT)
From: Julian Elischer <julian@whistle.com>
To: "Brian F. Feldman" <green@FreeBSD.ORG>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	Joe Greco <jgreco@ns.sol.net>, hackers@FreeBSD.ORG,
	freebsd-ipfw@FreeBSD.ORG
Subject: Re: securelevel and ipfw zero
In-Reply-To: <Pine.BSF.4.10.9907262322120.35843-100000@janus.syracuse.net>
Message-ID: <Pine.BSF.3.95.990726204047.28343P-100000@current1.whistle.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I like the ability at secure level 3 to only reset the counters forward..
It fits in with such things as the "append only" flag.

Maybe a new keyword. "advance"


julian


On Mon, 26 Jul 1999, Brian F. Feldman wrote:

> On Mon, 26 Jul 1999, Matthew Dillon wrote:
> 
> > 
> > :That doesn't mean we shouldn't allow people to have an unsophisticated setup,
> > :just because a sophisticated one is available. It would be useful to have
> > :a per-firewall-rule counter, decrement it on each match if logging and
> > :set, and be able to reset to something higher.
> > :
> > : Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___  
> > 
> >     There may be some confusion here.  I am advocating that we *allow* the
> >     zeroing of counters at secure level 3.
> 
> Which is what I am advocating against.
> 
> > 
> > 					-Matt
> > 					Matthew Dillon 
> > 					<dillon@backplane.com>
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-ipfw" in the body of the message
> > 
> 
>  Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___  
>  green@FreeBSD.org                   _ __ ___ | _ ) __|   \ 
>      FreeBSD: The Power to Serve!        _ __ | _ \._ \ |) |
>        http://www.FreeBSD.org/              _ |___/___/___/ 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message