Date: Fri, 8 Sep 2000 13:18:13 +0200 (CEST) From: Paul Herman <pherman@frenchfries.net> To: Ramses Smeyers <fatman@khk.org> Cc: freebsd-net@FreeBSD.ORG Subject: Re: useripacct Message-ID: <Pine.BSF.4.21.0009081300020.327-100000@bagabeedaboo.security.at12.de> In-Reply-To: <Pine.LNX.4.21.0009081130380.3845-100000@walhalla.sin.khk.be>
next in thread | previous in thread | raw e-mail | index | archive | help
[ ...brought over to freebsd-net... ] On Fri, 8 Sep 2000, Ramses Smeyers wrote: > > ipfw(8) in FreeBSD can count packets/bytes based on uid and gid (based > > on local socket credentials.) > > are we then talking about a rule for every user?, and can this system be > used as disk quota, so with hard and soft quota (like > useripacct) does. The aim of the useripacct patch is to give a user 200MB > traffic for one month, and let their traffic block after those 200MB are > used. To implement this in freebsd, do I have to place a rule for every > user, this is like not scalable, and is their a daemon available to > control the IP flow and block users if it has to be done ? ipfw doesn't implement quotas, but yes you would have to have a separate rule for each uid/gid -- agreed, not so efficient for ipfw to do. BTW, this topic has been brushed by the freebsd-net crowd before, so you might want to arm yourself :) and browse the freebsd-net mail archive first (try keywords like "ipfw", "quota", ...) http://www.freebsd.org/search/search.html Other than that, I can imagine an optional external daemon similar to natd(8) which enforces network quotas via a "divert" ipfw rule. Whether or not network quotas are a good thing(tm) is a whole other question all together... :) -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009081300020.327-100000>