Obtain yet another text from old security chapter (rev. 1.229)

to replace IPFIREWALL_VERBOSE_LIMIT description. Improved by: trhodes
svn path=/head/; revision=23892
2005-02-25 09:07:37 +00:00 · 2005-02-25 09:07:37 +00:00 · 1a5ab23a37 · 2020-12-08 03:00:23 +00:00
commit 1a5ab23a37
parent a4ef4737ba
1 changed files with 5 additions and 7 deletions
--- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
@ -2026,13 +2026,11 @@ net.inet.ip.fw.verbose_limit=5</programlisting>

      <programlisting>options    IPFIREWALL_VERBOSE_LIMIT=5</programlisting>

-      <para>This specifies the default number of packets from a
-        particular rule is to be logged. Without this option, each
-        repeated occurrences of the same packet will be logged, and
-        eventually consuming all the free disk space resulting in
-        services being denied do to lack of resources. The number <literal>5</literal> is the
-        number of consecutive times to log evidence of this unique
-        occurrence.</para>
+      <para>Limits the number of packets logged through
+	&man.syslogd.8; on a per entry basis.  You may wish to use
+	this option in hostile environments which you want to log
+	firewall activity.  This will close a possible denial of
+	service attack via syslog flooding.</para>

      <indexterm>
 	<primary>kernel options</primary>