Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Jul 1999 13:17:05 -0600
From:      Nate Williams <nate@mt.sri.com>
To:        Joe Greco <jgreco@ns.sol.net>
Cc:        nate@mt.sri.com (Nate Williams), julian@whistle.com, green@FreeBSD.ORG, dillon@apollo.backplane.com, hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: securelevel and ipfw zero
Message-ID:  <199907271917.NAA26828@mt.sri.com>
In-Reply-To: <199907271859.NAA09676@aurora.sol.net>
References:  <199907271715.LAA25892@mt.sri.com> <199907271859.NAA09676@aurora.sol.net>

next in thread | previous in thread | raw e-mail | index | archive | help
> > > I like the ability at secure level 3 to only reset the counters forward..
> > > It fits in with such things as the "append only" flag.
> > 
> > Then we'd have to implement per-rule counters that default to
> > IPFW_VERBOSE_LIMIT but that could be changed to anything.  That's a very
> > different setup than what we currently have.
> > 
> > (Another thing I just thought of is that this could cause DoS attacks on
> > the system if a user compromised root and then set the limit to a very
> > high number.)
> 
> This is already possible via sysctl, the VERBOSE_LIMIT variable may be
> altered.

Can this be altered in securelevel==3?


Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907271917.NAA26828>