From owner-freebsd-ipfw Tue Jul 27 13: 0:15 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from ns.mt.sri.com (ns.mt.sri.com [206.127.79.91])
	by hub.freebsd.org (Postfix) with ESMTP
	id 137BA15489; Tue, 27 Jul 1999 13:00:01 -0700 (PDT)
	(envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id NAA17738;
	Tue, 27 Jul 1999 13:59:59 -0600 (MDT)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id NAA27155; Tue, 27 Jul 1999 13:59:58 -0600
Date: Tue, 27 Jul 1999 13:59:58 -0600
Message-Id: <199907271959.NAA27155@mt.sri.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Joe Greco
Cc: nate@mt.sri.com (Nate Williams), hackers@freebsd.org, freebsd-ipfw@freebsd.org
Subject: Re: securelevel and ipfw zero
In-Reply-To: <199907271956.OAA13811@aurora.sol.net>
References: <199907271951.NAA27049@mt.sri.com> <199907271956.OAA13811@aurora.sol.net>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > > > Again, it's not a fix, it's a feature.  Not being able to mess with
> > > > counters (logging or otherwise) is a feature.  It may be a feature that
> >              ^^^^^^^^^^^^^^^^^^^^
> > > > you can do without, but that decision is not to be made lightly.
> > >
> > > I'm _saying_ to create a completely separate counter which has nothing to
> > > do with accounting.
> >
> > See above.
>
> I did see above.  If the sole purpose of a counter is to turn _off_ a
> feature to prevent DoS attacks, and it is clearly desirable that the
> admin (or a representative entity such as a monitoring system) would
> want to be able to re-enable the logging under those same terms at some
> admin-specified interval, how exactly would you choose to implement this?

What was originally intended and what it's used for now are two
different things.

I'd like to see people other than you, me, and Matt discussing this.
Other people who use this feature of IPFW that have an opinion one way
or the other should speak up.  A group of two very opinionated people
doesn't make a consensus, or necessarily the 'right' decision. :) :) :)

Nate