On Wed, Jul 23, 2003 at 05:35:05PM -0700, Trevor Talbot wrote:
> On Wednesday, Jul 23, 2003, at 16:28 US/Pacific, matthew j weaver wrote:
>
> >On Wed, Jul 23, 2003 at 03:18:05PM -0700, Trevor Talbot wrote:
> >
> >>simple rate limiting, where traffic exceeding the limit is dropped.
> >>While the ALTQ framework does have that capability, it isn't exposed
> >>in PF. It lacks the flexibility that most people would want anyway
> >>(rough approximation of sharing, per-host limits, etc).
> >
> > You could absolutely define many conditioners on an interface with
> > ALTQ, and match to those conditioners by host -- effectively making
> > crude per-host limits.
>
> I meant in automatic terms. There have been requests for things like
> "all hosts in this netblock have a limit of N kb/s each". This can be
> solved with a bit of scripting, but some of the resulting rules that
> have been posted have been scary in length :)
>
> > Losing this feature in the pf-altq mashup was unfortunate, it was an
> > excellent, pragmatic solution for controlling inbound bandwidth
> > usage.
>
> PF opens up some neat possibilities for future work on the conditioner,
> since it no longer makes sense to tie it directly to an interface.
> With the state engine recognizing flows, dynamic things are easier to
> do.

I'm always open to good ideas (hint hint)

--
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)