From owner-freebsd-security Sat Sep 11 21: 9:17 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id D8FE814D8B for ; Sat, 11 Sep 1999 21:09:12 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id VAA30134; Sat, 11 Sep 1999 21:07:50 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <199909120407.VAA30134@gndrsh.dnsmgr.net> Subject: Re: ipfw question In-Reply-To: from Anil Jangity at "Sep 11, 1999 08:43:11 pm" To: aj@entic.net (Anil Jangity) Date: Sat, 11 Sep 1999 21:07:50 -0700 (PDT) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I am using FreeBSD2.2.8 Stable with IPFW enalbed with logging. > > ipfw: 2600 Deny P:54 204.210.42.217 209.157.122.88 in via ep0 > > What does the "P:54" mean? Just wondering. Protocol 54, I would say see /etc/protocols, but it depends on how new your code is, anyway here is what IANA says about it: 54 NARP NBMA Address Resolution Protocol [RFC1735] > > -- > > Also does anyone know if IP Filters (or ipfw) let you limit logging > depending on the rate at which the rule is applied? Not that I am aware of, now would someone please code this up so I can be wrong :-) > > If I don't have a limit, my server panicked before because of an overload > of denied packets (while logging was enabled) so I now have a limit of 150 > packets that get logged. I want to be able to log at the same time also > not over log (not get it to run out of buffer and panic). > > I need to stop logging if and only if the rate at which they rules are > getting applied passes a certain point and then continue again once the > rate drecreases. > > Is this doable? Do I make sense any bit? Is this stupid? Thanks. Yes. Yes. No. Your welcome for the little help I could be. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message