Date: Fri, 8 Sep 2000 13:26:13 +0200 (CEST) From: Luigi Rizzo <luigi@info.iet.unipi.it> To: Paul Herman <pherman@frenchfries.net> Cc: Ramses Smeyers <fatman@khk.org>, freebsd-net@FreeBSD.ORG Subject: Re: useripacct Message-ID: <200009081126.NAA33256@info.iet.unipi.it> In-Reply-To: <Pine.BSF.4.21.0009081300020.327-100000@bagabeedaboo.security.at12.de> from Paul Herman at "Sep 8, 2000 01:18:13 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> ipfw doesn't implement quotas, but yes you would have to have a > separate rule for each uid/gid -- agreed, not so efficient for ipfw to > do. Not really. There are several pieces now in ipfw/dummynet which can generate rules and pipes from a template, (see the keep-state rules and the "mask" specifier in dummynet pipes), so the implementation of per-uid quotas would be efficient and rather trivial (basically a small modification to dynamic pipes where you just check the quota). > Other than that, I can imagine an optional external daemon similar to > natd(8) which enforces network quotas via a "divert" ipfw rule. killing performance in the meantime... cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009081126.NAA33256>