From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 13 09:21:21 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 065EB106566B for ; Thu, 13 Mar 2008 09:21:21 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id BA7388FC1A for ; Thu, 13 Mar 2008 09:21:20 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1JZjck-0003ZB-Su for freebsd-ipfw@freebsd.org; Thu, 13 Mar 2008 09:21:18 +0000 Received: from 195.208.174.178 ([195.208.174.178]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 13 Mar 2008 09:21:18 +0000 Received: from vadim_nuclight by 195.208.174.178 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 13 Mar 2008 09:21:18 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-ipfw@freebsd.org From: Vadim Goncharov Date: Thu, 13 Mar 2008 09:21:11 +0000 (UTC) Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel Lines: 22 Message-ID: References: <200803122100.m2CL0t7V088955@freefall.freebsd.org> X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 195.208.174.178 X-Comment-To: vwe@FreeBSD.org User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Mar 2008 09:21:21 -0000 Hi vwe@FreeBSD.org! On Wed, 12 Mar 2008 21:00:55 GMT; vwe@FreeBSD.org wrote about 'Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION': > State-Changed-From-To: open->suspended > State-Changed-By: vwe > State-Changed-When: Wed Mar 12 20:58:32 UTC 2008 > State-Changed-Why: > Awaiting maintainer interest. > This may be useful for one, so we're not just closing this silently. > http://www.freebsd.org/cgi/query-pr.cgi?pr=80642 Yes, this is useful, but some minor changes are needed, I think. First, rename it to "bytelimit" or somewhat. Second, allow this to use tablearg and possibly ability to reference a counter to corresponding dynamic rule, to allow this to act for a specific IP or connection without need to write many rules. Third, add packet counter as well. That's all possible with one opcode, though... -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]