Date: Wed, 1 Aug 2001 09:37:01 -0400 (EDT) From: Rob Simmons <rsimmons@wlcg.com> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: ipfilter state tables Message-ID: <20010801093420.K41564-100000@mail.wlcg.com> In-Reply-To: <200108011032.UAA24848@cairo.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Maybe adding a kernel option: options IPSTATE_SIZE xxxxx options IPSTATE_MAX xxxxx and apropriate options for IPNAT constants? Robert Simmons Systems Administrator http://www.wlcg.com/ On Wed, 1 Aug 2001, Darren Reed wrote: > In some mail from Rob Simmons, sie said: > > > > I noticed that the code around the IPSTATE_SIZE and IPSTATE_MAX constants > > in: > > src/contrib/ipfilter/ip_state.h > > src/sys/contrib/ipfilter/netinet/ip_state.h > > > > has changed and there was a line added to: > > src/contrib/ipfilter/HISTORY > > > > "allow state/nat table sizes to be externally influenced" > > > > I had suggested that a sysctl knob, or a kernel config file knob be added > > to control these. Does this mean that the knob exists? I looked in the > > man page for sysctl and did not see anything, nor did I see anything in > > LINT about it. > > > > Am I looking in the wrong place, or was that change just a preparation for > > adding the knob? > > There's no knob at present because you really need to stop (ipf -D) ipfilter, > then change the values via sysctl, then start it (ipf -E). It's safer to > enforce this by requiring a reboot (at present). > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7aAYHv8Bofna59hYRA2U4AJ0ZrmDk+ONDwZ/+VDR1bmRvtPPpjACaArx/ 3sPtErdF7hjSrEopIXxqthg= =BUQI -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010801093420.K41564-100000>