ehm...

I would like to know if there is any plan to limit the number of bytes a TCP 
connection can transfer. The idea is to drop/close the connection after $SIZE 
bytes have been transferred. 

Why?

1) Hosting/housing can limit file sizes (need to remove the support for 
resumed download on the server)

2) Good for SPAM. (Every IP from blacklists could be allowed to send only 
small mails, instead of +100Kb attachments)

3) qmail cannot be exploited 8-)


Please note also that it could be extended to disable a rule after $SIZE is 
exceeded. This is good for Housing/Hosting who want to sell X Gb of bandwidth 
for each IP. With a single rule like this:

pass in quick on $gw_ext inet from any to $housing_1 keep state max-size 10Gb

When PF finds that the counter of this rule has exceeded the 10Gb limit, it 
should disable/remove that rule. If the client pays for more bandwidth, the 
administrator could reactivate that rule.


        Ed
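
An added example, not part of the original post and not PF code: `max-size` is the keyword proposed above, so this Python example runs the described quota check outside PF, over per-rule byte counters in the layout printed by `pfctl -vsr`. The sample output is constructed, and the function names, the quota table and the reading of "10Gb" as 10 * 2**30 bytes are assumptions.

```python
import re

# Assumption: the post's "10Gb" is read as 10 * 2**30 bytes.
UNITS = {"kb": 2**10, "mb": 2**20, "gb": 2**30}
COUNTERS = re.compile(r"\[\s*Evaluations:\s*\d+\s+Packets:\s*\d+\s+Bytes:\s*(\d+)")

# Constructed sample in the layout of `pfctl -vsr`; addresses are documentation ranges.
SAMPLE = """\
pass in quick on em0 inet from any to 192.0.2.10 flags S/SA keep state
  [ Evaluations: 91822     Packets: 8120331   Bytes: 11274289152  States: 4     ]
  [ Inserted: uid 0 pid 4121 State Creations: 2210  ]
pass in quick on em0 inet from any to 192.0.2.11 flags S/SA keep state
  [ Evaluations: 90110     Packets: 51200     Bytes: 73400320     States: 1     ]
  [ Inserted: uid 0 pid 4121 State Creations: 87    ]
"""

def parse_size(text):
    """Turn '10Gb', '100Kb' or '4096' into a byte count."""
    m = re.fullmatch(r"(\d+)\s*([kmg]b)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def rule_bytes(pfctl_output):
    """Yield (rule_text, bytes) pairs; a rule line is any non-indented line."""
    rule = None
    for line in pfctl_output.splitlines():
        if line and not line[0].isspace():
            rule = line.strip()
        elif rule and (m := COUNTERS.search(line)):
            yield rule, int(m.group(1))
            rule = None  # skip the remaining bracket lines of this rule

def over_quota(pfctl_output, quotas):
    """quotas maps a destination address to a size string; returns rules past their limit."""
    hits = []
    for rule, used in rule_bytes(pfctl_output):
        for dest, limit in quotas.items():
            limit_bytes = parse_size(limit)
            if re.search(rf"\bto {re.escape(dest)}(\s|$)", rule) and used > limit_bytes:
                hits.append((dest, used, limit_bytes))
    return hits

if __name__ == "__main__":
    quotas = {"192.0.2.10": "10Gb", "192.0.2.11": "10Gb"}
    for dest, used, limit in over_quota(SAMPLE, quotas):
        print(f"{dest}: {used} bytes exceeds {limit}; rule is due to be disabled")
```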

