From owner-freebsd-hackers  Mon Jul 26 20:15: 9 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15])
	by hub.freebsd.org (Postfix) with ESMTP
	id 89F8114CF7; Mon, 26 Jul 1999 20:15:05 -0700 (PDT)
	(envelope-from green@FreeBSD.org)
Received: from localhost (green@localhost)
	by janus.syracuse.net (8.9.2/8.8.7) with ESMTP id XAA37091;
	Mon, 26 Jul 1999 23:12:37 -0400 (EDT)
X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs
Date: Mon, 26 Jul 1999 23:12:37 -0400 (EDT)
From: "Brian F. Feldman" <green@FreeBSD.org>
X-Sender: green@janus.syracuse.net
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Joe Greco <jgreco@ns.sol.net>, hackers@FreeBSD.org,
	freebsd-ipfw@FreeBSD.org
Subject: Re: securelevel and ipfw zero
In-Reply-To: <199907270307.UAA49737@apollo.backplane.com>
Message-ID: <Pine.BSF.4.10.9907262311020.35843-100000@janus.syracuse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 26 Jul 1999, Matthew Dillon wrote:

> 
> :Instead of zeroing it, how about raising the logging limit to (current +
> :whatever the limit was)
> :
> : Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___  
> : green@FreeBSD.org                   _ __ ___ | _ ) __|   \ 
> 
>     The way I see it either some piece of software is monitor the counters,
>     in which case the sysad does not need to clear them and does not need to
>     look at log messages, or the sysad is monitoring the stuff manually and
>     using the log messages.  In the one case the counters don't need to be
>     cleared (and, indeed, should not be), in the other case the sysad may 
>     want to clear them due to the manual monitoring.
> 
>     What we are really discussing here is the use of ipfw's counters in an
>     unsophisticated setup.  The sophisticated setup is already handled.

That doesn't mean we shouldn't allow people to have an unsophisticated setup,
just because a sophisticated one is available. It would be useful to have
a per-firewall-rule counter, decrement it on each match if logging and
set, and be able to reset to something higher.

> 
> 					-Matt
> 					Matthew Dillon 
> 					<dillon@backplane.com>
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
> 

 Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___  
 green@FreeBSD.org                   _ __ ___ | _ ) __|   \ 
     FreeBSD: The Power to Serve!        _ __ | _ \._ \ |) |
       http://www.FreeBSD.org/              _ |___/___/___/ 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message