Date: Wed, 28 Jul 1999 02:19:06 -0400 (EDT) From: "Brian F. Feldman" <green@FreeBSD.org> To: Nate Williams <nate@mt.sri.com> Cc: Joe Greco <jgreco@ns.sol.net>, hackers@FreeBSD.org, freebsd-ipfw@FreeBSD.org Subject: Re: securelevel and ipfw zero Message-ID: <Pine.BSF.4.10.9907280217180.71863-100000@janus.syracuse.net> In-Reply-To: <199907280449.WAA29417@mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 27 Jul 1999, Nate Williams wrote:
> > If it will get ALL of you to give it a rest, how about:
> > per-rule logging limits
> > logging limit raising
> > logging limit resetting
> > Which would all NOT affect the statistics?
>
> We need more input from people who use the code, to make sure they don't
> depend on the current 'features', or can live with changes to them.
>
> Implementing it is the easy part, making sure it's the right thing to do
> is the hard part.
Well, the easy part is done, except for raising limits. Look:
ipfw: 1 Deny ICMP:8.0 127.0.0.1 127.0.0.1 out via lo0
ipfw: 1 Deny ICMP:8.0 127.0.0.1 127.0.0.1 out via lo0
ipfw: limit 2 reached on rule #1
ipfw: Entry 1 logging count reset.
ipfw: 1 Deny ICMP:8.0 127.0.0.1 127.0.0.1 out via lo0
ipfw: 1 Deny ICMP:8.0 127.0.0.1 127.0.0.1 out via lo0
ipfw: limit 2 reached on rule #1
Nice? :)
I think this feature should DEFINITELY go in. I'm going to clean it up some
(ip_fw.c itself), and then make a set of diffs for this feature.
>
>
> Nate
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
>
Brian Fundakowski Feldman _ __ ___ ____ ___ ___ ___
green@FreeBSD.org _ __ ___ | _ ) __| \
FreeBSD: The Power to Serve! _ __ | _ \._ \ |) |
http://www.FreeBSD.org/ _ |___/___/___/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907280217180.71863-100000>