On Tue, Jul 27, 1999 at 11:15:11AM -0600, Nate Williams wrote:
> Then we'd have to implement per-rule counters that default to
> IPFW_VERBOSE_LIMIT but that could be changed to anything.
*falling on my knees* If you're going to do that what would it cost me (in
chocolate bars or sushi) to get you to implement a second set of counters
that will be filled by zeroing the first set (so I was able to read out
counters and reset them without losing accounting information)? Or at least
make zeroing printing out the contents before clearing them? Oh and while
we're at it.... *runs away and tries hiding*
> (Another thing I just thought of is that this could cause DoS attacks on
> the system if a user compromised root and then set the limit to a very
> high number.)
If you have someone going berzerk as "root" on a firewall you're definitely
going to have a completely different set of headaches. Why should someone
start DoS attacks after capturing a firewall? It's like painting the
fingernails before amputating the hand.
Achim
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
