From owner-freebsd-security  Sun Sep 12 10:19:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 3073914CCC
	for <freebsd-security@FreeBSD.ORG>; Sun, 12 Sep 1999 10:17:55 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id TAA14850;
	Sun, 12 Sep 1999 19:16:40 +0200 (CEST)
	(envelope-from des)
To: Will Andrews <andrews@TECHNOLOGIST.COM>
Cc: (Anil Jangity) <aj@entic.net>, freebsd-security@FreeBSD.ORG
Subject: Re: ipfw question
References: <XFMail.990912101025.andrews@TECHNOLOGIST.COM>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 12 Sep 1999 19:16:39 +0200
In-Reply-To: Will Andrews's message of "Sun, 12 Sep 1999 10:10:25 -0400 (EDT)"
Message-ID: <xzpemg4124o.fsf@flood.ping.uio.no>
Lines: 17
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Will Andrews <andrews@TECHNOLOGIST.COM> writes:
>                 [...] The drawback to these features is that the limit doesn't
> behave the way I think it should (although as a result, I don't use
> VERBOSITY_LIMIT) - instead of just counting repeating packets, it kills the
> rule the packets are matched against after the rule reaches the limit specified.

It would be more accurate (and less misleading) to say "silence"
instead of "kill". It does not remove nor disable the rule, it just
stops logging packets that match that particular rule until you reset
the counters. In 4.0, you can reset the log counters independently of
the match counters ('ipfw resetlog' instead of 'ipfw zero'), which
allows you to restart logging even when running at high securelevels
(all ipfw commands except resetlog are disabled at securelevel >= 3).

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message