Date: Tue, 27 Jul 1999 11:33:45 +0400 From: Max Mukhin <hitower@don.sitek.net> To: Joe Greco <jgreco@ns.sol.net> Cc: freebsd-hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG Subject: Re: securelevel and ipfw zero Message-ID: <379D60D9.2620590F@don.sitek.net> References: <199907261816.NAA05470@aurora.sol.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Greco wrote: > > Hello, > > So, I've a box that I have an ipfw ruleset on. The firewall should not be > changeable during runtime, and the box runs at securelevel=3. > > In order to prevent DoS disk-fill attacks, I also have specified > IPFW_VERBOSE_LIMIT. > > Now, the problem is, in securelevel 3, you cannot zero a rule's counter, > so basically once you are up and running, you get to log IPFW_VERBOSE_LIMIT > events and then you lose logging (ideally I'd zero nonzero rules once every > N minutes). how about newsyslog? it will save space a much, i think > > Comments? > > ... Joe > > ------------------------------------------------------------------------------- > Joe Greco - Systems Administrator jgreco@ns.sol.net > Solaria Public Access UNIX - Milwaukee, WI 414/342-4847 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message -- hitower@don.sitek.net | ICQ 21050590 | Rostov-on-Don, Russia -----------------------+--------------+-------------------------------- PGP fingerprint: 2E26 C4FF 6940 1F7E 0188 1684 7B21 CF13 068D AE82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?379D60D9.2620590F>