How to prevent FS overflow due to excessive logging?
David DeSimone
fox at verio.net
Wed Nov 14 11:27:13 PST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tobias Ernst <tobi at casino.uni-stuttgart.de> wrote:
>
> I do not want to disable UDP logging generally - after all I want to be
> told when things like this happen.
If you put "keep state" on your drop+log rule, PF will only log the
first packet that gets dropped, which reduces logging considerably.
However, you will not be alerted to the fact that millions of packets
are being sent, in this scenario, so you would have to detect that via
other means.
- --
David DeSimone == Network Admin == fox at verio.net
"This email message is intended for the use of the person to whom
it has been sent, and may contain information that is confidential
or legally protected. If you are not the intended recipient or have
received this message in error, you are not authorized to copy, dis-
tribute, or otherwise use this message or its attachments. Please
notify the sender immediately by return e-mail and permanently delete
this message and any attachments. Verio, Inc. makes no warranty that
this email is error or virus free. Thank you." --Lawyer Bot 6000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFHOzGHFSrKRjX5eCoRAlASAJ4sIqjHk1bZ01XuEL/BFS77kby5lwCcCouy
2KjtMZFaXm0OMr38Skxmk3w=
=p2SR
-----END PGP SIGNATURE-----
More information about the freebsd-pf
mailing list