On Wed, Jul 23, 2003 at 03:18:05PM -0700, Trevor Talbot wrote:
simple rate limiting, where traffic exceeding the limit is dropped. While the ALTQ framework does have that capability, it isn't exposed in PF. It lacks the flexibility that most people would want anyway (rough approximation of sharing, per-host limits, etc).
You could absolutely define many conditioners on an interface with ALTQ, and match to those conditioners by host -- effectively making crude per-host limits.
I meant in automatic terms. There have been requests for things like "all hosts in this netblock have a limit of N kb/s each". This can be solved with a bit of scripting, but some of the resulting rules that have been posted have been scary in length :)
Losing this feature in the pf-altq mashup was unfortunate; it was an excellent, pragmatic solution for controlling inbound bandwidth usage.
PF opens up some neat possibilities for future work on the conditioner, since it no longer makes sense to tie it directly to an interface. With the state engine recognizing flows, dynamic things are easier to do.
