hello,
sometimes it's not the best to use stateful firewalling, e.g. when
serving a lot of clients with public, routable addresses.
because of how putting data into queues now work, for queueing clients'
bandwidth, one has to specify separate firewall lines for every queue
used.
pf manual states that table lookups are a lot faster than separate rule
lookups. what do you think about an addition like this, making this
syntax unnecessary:
pass out from 1.1.1.1 to any queue client1_down
pass out from 1.1.1.2 to any queue client2_down
pass out from 1.1.1.3 to any queue client3_down
by changing it into this:
qtable <users> { 1.1.1.1 client1, 1.1.1.2 client2_down, 1.1.1.3 client3_down }
pass out from <users> to any
i'd really welcome such addition, sorry that i couldn't present anything
more than just an idea - i'm just a half-baked programmer and can't
handle coding kernelspace by myself.
regards,
--
Stanisław Halik, http://tehran.lain.pl
