From owner-freebsd-ipfw  Wed Jul 28 12:14:49 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from dt011n65.san.rr.com (dt011n65.san.rr.com [204.210.13.101])
	by hub.freebsd.org (Postfix) with ESMTP
	id 404C414CF3; Wed, 28 Jul 1999 12:14:42 -0700 (PDT)
	(envelope-from Doug@gorean.org)
Received: from localhost (doug@localhost)
	by dt011n65.san.rr.com (8.8.8/8.8.8) with ESMTP id MAA11893;
	Wed, 28 Jul 1999 12:12:29 -0700 (PDT)
	(envelope-from Doug@gorean.org)
Date: Wed, 28 Jul 1999 12:12:28 -0700 (PDT)
From: Doug <Doug@gorean.org>
X-Sender: doug@dt011n65.san.rr.com
To: "Brian F. Feldman" <green@FreeBSD.org>
Cc: Nate Williams <nate@mt.sri.com>, Joe Greco <jgreco@ns.sol.net>,
	hackers@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: securelevel and ipfw zero
In-Reply-To: <Pine.BSF.4.10.9907272247490.64223-100000@janus.syracuse.net>
Message-ID: <Pine.BSF.4.05.9907281207240.11581-100000@dt011n65.san.rr.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 27 Jul 1999, Brian F. Feldman wrote:

> If it will get ALL of you to give it a rest, how about:
> 	per-rule logging limits

	This has been needed for some time now. Also, please don't forget
the oft-repeated request to have seperate accounting and logging counters
so that you can zero one, but not the other. 

> 	logging limit raising
> 	logging limit resetting

	I'd say that these are good knobs to have (I assume you're talking
sysctl's?) but I'd also like to suggest a knob that allows you to toggle
whether these can be changed at securelevel > 1, which knob is not
resettable at securelevel > 1. I think that this would answer the needs of
all parties concerned. 

> Which would all NOT affect the statistics?

	Oh good, you didn't forget. :)

> I am, yes, suggesting I will implement it.

	Coolio. And inre the request to hear from the users of the code, I
am one, have been for years, and deploy it in many different environments
(including natd, basic security, etc.). These would be very welcome
additions assuming that the performance hit is negligible. 

Thanks,

Doug
-- 
On account of being a democracy and run by the people, we are the only
nation in the world that has to keep a government four years, no matter
what it does.
                -- Will Rogers



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message