Date: Thu, 13 Mar 2008 13:24:13 +0000 (UTC) From: Vadim Goncharov <vadim_nuclight@mail.ru> To: freebsd-ipfw@freebsd.org Subject: Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION Message-ID: <slrnftiant.106o.vadim_nuclight@hostel.avtf.net> References: <200803122100.m2CL0t7V088955@freefall.freebsd.org> <slrnfthsg7.dgk.vadim_nuclight@hostel.avtf.net> <200803130826.07875.asstec@matik.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi AT Matik! On Thu, 13 Mar 2008 08:26:07 -0300; AT Matik wrote about 'Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION': > kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION': >>> State-Changed-From-To: open->suspended >>> State-Changed-By: vwe >>> State-Changed-When: Wed Mar 12 20:58:32 UTC 2008 >>> State-Changed-Why: >>> Awaiting maintainer interest. >>> This may be useful for one, so we're not just closing this silently. >>> >>> http://www.freebsd.org/cgi/query-pr.cgi?pr=80642 >> >> Yes, this is useful, but some minor changes are needed, I think. First, >> rename it to "bytelimit" or somewhat. Second, allow this to use tablearg >> and possibly ability to reference a counter to corresponding dynamic rule, >> to allow this to act for a specific IP or connection without need to write >> many rules. Third, add packet counter as well. That's all possible with one >> opcode, though... > I think the best would be that it works as "limit src-ip N" does, using > perhaps the limit keyword as well but as in ".... limit max-bytes N" what > would give sufficient possibilities for pass and skipto etc Dynamic rules should be reworked in more general way than this. I'll write a proposal with ideas to discuss later... -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrnftiant.106o.vadim_nuclight>