From owner-freebsd-security  Thu Aug 31 22: 6:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6])
	by hub.freebsd.org (Postfix) with ESMTP
	id E549B37B423; Thu, 31 Aug 2000 22:06:21 -0700 (PDT)
Received: by jade.chc-chimes.com (Postfix, from userid 1001)
	id 5B3E91C66; Fri,  1 Sep 2000 01:06:21 -0400 (EDT)
Date: Fri, 1 Sep 2000 01:06:21 -0400
From: Bill Fumerola <billf@chimesnet.com>
To: Brian Fundakowski Feldman <green@FreeBSD.org>
Cc: Will Andrews <will@physics.purdue.edu>,
	"R.Sharma" <rsharma@apsara.barc.ernet.in>,
	freebsd-security@FreeBSD.ORG
Subject: Re: How to clear IPFW counters
Message-ID: <20000901010621.A33771@jade.chc-chimes.com>
References: <20000825071028.F41087@argon.gryphonsoft.com> <Pine.BSF.4.21.0009010048510.558-100000@green.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.BSF.4.21.0009010048510.558-100000@green.dyndns.org>; from green@FreeBSD.org on Fri, Sep 01, 2000 at 12:49:32AM -0400
X-Operating-System: FreeBSD 3.3-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Sep 01, 2000 at 12:49:32AM -0400, Brian Fundakowski Feldman wrote:
> On Fri, 25 Aug 2000, Will Andrews wrote:
> 
> > On Fri, Aug 25, 2000 at 03:22:52PM +0530, R.Sharma wrote:
> > >  Can any one tell me how to clear IPFW counters when system is running in
> > >  secure level 3.
> > 
> > >From init(8) manpage:
> > 
> >      3     Network secure mode - same as highly secure mode, plus IP packet
> >            filter rules (see ipfw(8) and ipfirewall(4))  cannot be changed and
> >            dummynet(4) configuration cannot be adjusted.
> > 
> > You are SOL.
> 
> Unless what you want to do is reset the logging counters.  That's a
> nice thing to be able to do :)

Right, you actually can do that, which is what the original poster was asking.

        /*
         * Disallow sets in really-really secure mode, but still allow
         * the logging counters to be reset.
         */
        if (sopt->sopt_dir == SOPT_SET && securelevel >= 3 &&
            sopt->sopt_name != IP_FW_RESETLOG)
                        return (EPERM);


-- 
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
                billf@chimesnet.com / billf@FreeBSD.org





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message