From owner-freebsd-security@FreeBSD.ORG Mon Jan 21 13:06:34 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 196EB16A474 for ; Mon, 21 Jan 2008 13:06:34 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.freebsd.org (Postfix) with ESMTP id 98BAD13C468 for ; Mon, 21 Jan 2008 13:06:32 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.5) with SMTP id AAA11380; Tue, 22 Jan 2008 00:06:18 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Tue, 22 Jan 2008 00:06:17 +1100 (EST) From: Ian Smith To: Dan Lukes In-Reply-To: <47948C99.8060504@obluda.cz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd security Subject: Re: denyhosts-like app for MySQLd? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jan 2008 13:06:34 -0000 On Mon, 21 Jan 2008, Dan Lukes wrote: > Ian Smith napsal/wrote, On 01/21/08 12:55: > > No problem; IPFW has tables too, and sets, with which you could > > enable/disable or > > It interests me: > > > swap your script-constructed tables atomically. > > I know how to create new set of rules then move it using "ipfw set move" > atomically but I don't know how to fill new table then move it in it's > place atomically. > > So, how to swap tables in one step ? ipfw(8) usage, probably should be followed up on questions@ .. Clearly, rules in different sets can refer to the same or to different table/s, so a 'set swap' can accomplish a 'table swap'. 'ipfw set [disable number ...] [enable number ...]' is atomic also. cheers, Ian