Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Jul 1999 11:15:11 -0600
From:      Nate Williams <nate@mt.sri.com>
To:        Julian Elischer <julian@whistle.com>
Cc:        "Brian F. Feldman" <green@FreeBSD.ORG>, Matthew Dillon <dillon@apollo.backplane.com>, Joe Greco <jgreco@ns.sol.net>, hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: securelevel and ipfw zero
Message-ID:  <199907271715.LAA25892@mt.sri.com>
In-Reply-To: <Pine.BSF.3.95.990726204047.28343P-100000@current1.whistle.com>
References:  <Pine.BSF.4.10.9907262322120.35843-100000@janus.syracuse.net> <Pine.BSF.3.95.990726204047.28343P-100000@current1.whistle.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> I like the ability at secure level 3 to only reset the counters forward..
> It fits in with such things as the "append only" flag.

Then we'd have to implement per-rule counters that default to
IPFW_VERBOSE_LIMIT but that could be changed to anything.  That's a very
different setup than what we currently have.

(Another thing I just thought of is that this could cause DoS attacks on
the system if a user compromised root and then set the limit to a very
high number.)


Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199907271715.LAA25892>