Paolo Pisati wrote:
On Thu, Mar 13, 2008 at 09:21:11AM +0000, Vadim Goncharov wrote:
http://www.freebsd.org/cgi/query-pr.cgi?pr=80642
Yes, this is useful, but some minor changes are needed, I think. First, rename
it to "bytelimit" or something. Second, allow this to use tablearg and possibly
the ability to reference a counter to the corresponding dynamic rule, to allow
this to act for a specific IP or connection without the need to write many
rules. Third, add a packet counter as well. That's all possible with one opcode, though...

If anyone posts an updated patch, I'll commit it.

So, updated patch is here:
http://butcher.heavennet.ru/patches/kernel/ipfw/ipfw_counterlimit.diff

Now this option is divided into two: "counterlimit-bytes" and
"counterlimit-packets".
Rules example:
add allow ip from any to 10.0.0.1 counterlimit-bytes 100M \
        in recv external_if
add allow ip from any to 10.0.0.1 counterlimit-packets 50 \
        in recv external_if

About Vadim's propositions:
1. tablearg: it's possible, but now we use a u32 argument in
tables, but counterlimits are 64-bit values. First of all, we
should extend our current table argument to 64 bits.

2. dynamic rules: I think it should be implemented as an extension
to the current O_LIMIT opcode or something similar.

Also, I have a question about my current implementation. Does it
need to have the ability of "humanized" printing of limits, which
was implemented before?

--
WBR, Andrey V. Elsukov
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw