Date: Fri, 1 Sep 2000 09:38:16 -0500 (CDT)
From: James Wyatt
To: Brian Fundakowski Feldman
Cc: Will Andrews, "R.Sharma", freebsd-security@FreeBSD.ORG
Subject: Re: How to clear IPFW counters

On Fri, 1 Sep 2000, Brian Fundakowski Feldman wrote:
> On Fri, 1 Sep 2000, James Wyatt wrote:
> > > Unless what you want to do is reset the logging counters. That's a
> > > nice thing to be able to do :)
> >
> > Unless those logging counters are what you use to track (cross-check,
> > really) hacking attempts. Then, you want them left alone so the Wiley
> > Hacker(tm) doesn't reset them. Contrived, I guess, but reasonable. - Jy@
>
> There are several kinds of counters. One is the "packet matching"
> counter, and another is the "bytes matching" counter. The one I added
> recently was the "virtual logging counter", which has the sole purpose
> of controlling the output of log messages for matched packets.
>
> I made the decision that it wouldn't be any kind of loss of security
> to allow this counter to be reset (it can only be used to turn back
> on logging which was disabled by having matched "logamount" number of
> times).

Good decision and explanation. Thank you for both! - Jy@
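
A simplified model of the three per-rule counters described in the quoted explanation, added here as an example; it is not code from the thread or from FreeBSD, and the class, method and field names are hypothetical. It shows that resetting the logging counter re-enables log output while the packet and byte counters keep their values.

```python
"""Toy model of per-rule counters: packets, bytes, and a logging counter.

Illustrative only. Names are hypothetical and the sample values are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Rule:
    number: int
    logamount: int                 # max log lines before logging goes quiet
    packets: int = 0               # "packet matching" counter
    byte_count: int = 0            # "bytes matching" counter
    logged: int = 0                # "virtual logging counter"
    log: list = field(default_factory=list)

    def match(self, size: int) -> None:
        """Account for one matched packet; log only while under the limit."""
        self.packets += 1
        self.byte_count += size
        if self.logged < self.logamount:
            self.logged += 1
            self.log.append(f"rule {self.number}: matched {size} bytes")

    def resetlog(self) -> None:
        """Reset only the logging counter; accounting stays untouched."""
        self.logged = 0


def demo() -> dict:
    rule = Rule(number=1000, logamount=3)   # constructed sample rule
    for _ in range(5):                      # 5 matches, only 3 are logged
        rule.match(60)
    before = (rule.packets, rule.byte_count, len(rule.log))
    rule.resetlog()                         # logging is re-armed
    rule.match(60)                          # this match is logged again
    after = (rule.packets, rule.byte_count, len(rule.log))
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```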