Date: Fri, 1 Sep 2000 01:06:21 -0400 From: Bill Fumerola <billf@chimesnet.com> To: Brian Fundakowski Feldman <green@FreeBSD.org> Cc: Will Andrews <will@physics.purdue.edu>, "R.Sharma" <rsharma@apsara.barc.ernet.in>, freebsd-security@FreeBSD.ORG Subject: Re: How to clear IPFW counters Message-ID: <20000901010621.A33771@jade.chc-chimes.com> In-Reply-To: <Pine.BSF.4.21.0009010048510.558-100000@green.dyndns.org>; from green@FreeBSD.org on Fri, Sep 01, 2000 at 12:49:32AM -0400 References: <20000825071028.F41087@argon.gryphonsoft.com> <Pine.BSF.4.21.0009010048510.558-100000@green.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 01, 2000 at 12:49:32AM -0400, Brian Fundakowski Feldman wrote:
> On Fri, 25 Aug 2000, Will Andrews wrote:
>
> > On Fri, Aug 25, 2000 at 03:22:52PM +0530, R.Sharma wrote:
> > > Can any one tell me how to clear IPFW counters when system is running in
> > > secure level 3.
> >
> > >From init(8) manpage:
> >
> > 3 Network secure mode - same as highly secure mode, plus IP packet
> > filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
> > dummynet(4) configuration cannot be adjusted.
> >
> > You are SOL.
>
> Unless what you want to do is reset the logging counters. That's a
> nice thing to be able to do :)
Right, you actually can do that, which is what the original poster was asking.
/*
* Disallow sets in really-really secure mode, but still allow
* the logging counters to be reset.
*/
if (sopt->sopt_dir == SOPT_SET && securelevel >= 3 &&
sopt->sopt_name != IP_FW_RESETLOG)
return (EPERM);
--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000901010621.A33771>