Hi AT Matik! On Thu, 13 Mar 2008 08:26:07 -0300; AT Matik wrote about 'Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION':
> kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION': >>> State-Changed-From-To: open->suspended >>> State-Changed-By: vwe >>> State-Changed-When: Wed Mar 12 20:58:32 UTC 2008 >>> State-Changed-Why: >>> Awaiting maintainer interest. >>> This may be useful for one, so we're not just closing this silently. >>> >>> http://www.freebsd.org/cgi/query-pr.cgi?pr=80642 >> >> Yes, this is useful, but some minor changes are needed, I think. First, >> rename it to "bytelimit" or somewhat. Second, allow this to use tablearg >> and possibly ability to reference a counter to corresponding dynamic rule, >> to allow this to act for a specific IP or connection without need to write >> many rules. Third, add packet counter as well. That's all possible with one >> opcode, though... > I think the best would be that it works as "limit src-ip N" does, using > perhaps the limit keyword as well but as in ".... limit max-bytes N" what > would give sufficient possibilities for pass and skipto etc Dynamic rules should be reworked in more general way than this. I'll write a proposal with ideas to discuss later... -- WBR, Vadim Goncharov. ICQ#166852181 mailto:[EMAIL PROTECTED] [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
