Henning Brauer [EMAIL PROTECTED] wrote:
> * Ed White <[EMAIL PROTECTED]> [2004-01-23 20:34]:
> > What is the opinion of PF developers here in ml ?
>
> don't like.
> limiting bytes per state is useless. bytes total and the like are not
> pf's business, it's the business of some daemon that removes/changes
> the rules once a certain limit is reached.
>
> but we could add an editor to pfctl so you don't have to use an
> external one, and integrate cron, and...

I could use a separate script that would use some parsing and use it to add certain rules to certain tables. However, I could launch that script from cron every 1 minute (minimum). In that time lots of data could be transferred. However, there could be a situation where I need to block that host right now, right after the limit is reached. I do not know pf internals, but I could not do this functionality with an awk script, could I? Maybe a separate daemon which could somehow constantly monitor limits and kill connections (and add rules) right away, but as I said I do not know pf internals.

Petr
