Date: Tue, 16 Jul 2002 12:40:59 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: ipfw@freebsd.org
Subject: Ouch! ipfw log and DoS
Message-ID: <20020716124059.A2635@iguana.icir.org>
it just occurred to me that if you have

	ipfw add accept log <match pattern>

and you log to a remote host and your syslog messages match your pattern, then you have created a loop.

There are endless variations of the above. Bottom line is that (i believe) log messages generated by ipfw should be rate-limited to some not-too-large value (maybe controlled by a sysctl variable).

Any objections if i implement that (which probably amounts to the following lines of code at the beginning of ipfw_log():

----------------
	static time_t last_log;	/* second in which the budget was last refilled */
	static int log_left;	/* messages still allowed in that second */

	if (last_log != time_second) {
		last_log = time_second;
		log_left = ipfw_log_rate;	/* per-second budget, the proposed sysctl */
	}
	if (log_left == 0)
		return;
	log_left--;
----------------

cheers
luigi
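The following is an added user-space model of the per-second limiter sketched in the mail; it is not code from the mail or from the FreeBSD source. The kernel globals (`time_second`, the proposed `ipfw_log_rate` sysctl) are replaced by fields of a hypothetical `struct log_limiter`, and `simulate_storm()` feeds it a constructed burst of log candidates, such as the syslog feedback loop described above, to show how many messages would still reach syslog and how many are dropped.

```c
#include <stdio.h>
#include <time.h>

/* State behind the proposed check.  In the kernel these would be the two
 * statics in ipfw_log() plus the sysctl; here they are fields so the logic
 * can run in user space with a constructed clock.  (Hypothetical names.) */
struct log_limiter {
    time_t        last_log;  /* second in which the current budget was granted */
    int           log_left;  /* messages still permitted within that second */
    int           rate;      /* per-second budget (stands in for the sysctl) */
    unsigned long dropped;   /* messages suppressed so far */
};

struct storm_result {
    unsigned long logged;
    unsigned long dropped;
};

void limiter_init(struct log_limiter *l, int rate)
{
    l->last_log = (time_t)-1;  /* no second seen yet, so the first call refills */
    l->log_left = 0;
    l->rate = rate;
    l->dropped = 0;
}

/* Same logic as the sketch in the mail: refill the budget when the clock
 * second changes, then spend one token per message.  Returns 1 if the
 * message may be logged, 0 if it is suppressed.  Dropped messages are
 * counted so an operator can later see that logging was clamped. */
int limiter_allow(struct log_limiter *l, time_t now)
{
    if (l->last_log != now) {
        l->last_log = now;
        l->log_left = l->rate;
    }
    if (l->log_left == 0) {
        l->dropped++;
        return 0;
    }
    l->log_left--;
    return 1;
}

/* Constructed workload: `per_second` candidate log events in each of
 * `seconds` consecutive seconds.  Returns how many would reach syslog and
 * how many are dropped. */
struct storm_result simulate_storm(int rate, int per_second, int seconds)
{
    struct log_limiter l;
    struct storm_result r = { 0, 0 };
    time_t t0 = 1000;  /* arbitrary starting second for the constructed clock */

    limiter_init(&l, rate);
    for (int s = 0; s < seconds; s++)
        for (int i = 0; i < per_second; i++)
            if (limiter_allow(&l, t0 + s))
                r.logged++;
    r.dropped = l.dropped;
    return r;
}

int main(void)
{
    /* A loop generating 1000 log candidates per second for 5 seconds,
     * clamped to 10 messages per second. */
    struct storm_result r = simulate_storm(10, 1000, 5);
    printf("rate=10/s, 1000 events/s for 5 s: logged=%lu dropped=%lu\n",
           r.logged, r.dropped);
    return 0;
}
```

Two properties of this scheme are worth keeping in mind when tuning the limit. It is a fixed window keyed on the clock second, so a burst at the end of one second followed by one at the start of the next can pass twice the configured rate within a few milliseconds; that is acceptable for a DoS guard, but the limit should be chosen with that in mind. And a rate of 0 suppresses every message, so the sysctl needs a documented meaning for 0 (the count of dropped messages kept here is one way to tell the operator that clamping occurred rather than that nothing matched). FreeBSD's ipfw later gained exactly this kind of knob as the `net.inet.ip.fw.verbose_limit` sysctl.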