From owner-freebsd-stable@FreeBSD.ORG Tue May 24 16:22:47 2005
Message-ID: <429354B8.7080301@oxygen.az>
Date: Tue, 24 May 2005 21:22:16 +0500
From: Tofik Suleymanov
To: bu7cher@yandex.ru
Cc: Rauf Kuliyev, freebsd-stable@freebsd.org
Subject: Re: IPFW2 patch
In-Reply-To: <4291B081.4000308@yandex.ru>
List-Id: Production branch of FreeBSD source code

Andrey V. Elsukov wrote:

>Hello, Developers!
>
>Sorry, my English is bad. :(
>
>Patch to IPFW2 for adding restrictions on traffic using IPFW
>byte counters.
>It includes two parts:
>
>* First part is ipfw_bound.patch; this part adds the ipfw rule options
>"bound VALUE" and "check-bound NUM".
>Example:
># ipfw add 100 allow ip from any to any bound 10K
># ipfw add 200 deny ip from any to any
>
>While the byte counter of rule 100 is below 10 KBytes, it works.
>
>Example:
># ipfw add 100 allow ip from A.B.C.D to any out xmit internet check-bound 200
># ipfw add 200 allow ip from any to A.B.C.D in recv internet bound 100M
># ipfw add 300 deny ip from any to any via internet
>
>While the byte counter of rule 200 is below 100 MBytes, rules 100 and 200 work.
>NOTE: The check-bound option searches for rule NUM like "ipfw skipto", but if
>rule NUM does not contain a bound option, then the match fails.
>
>* Second part is bound_change.patch; this part adds a control call to ipfw
>for changing the boundary value without resetting the byte counter.
>Syntax:
># ipfw bound NUM [set N] change VALUE.
>
>Files:
>For CURRENT:
>http://butcher.heavennet.ru/ipfw_bound/CURRENT/ipfw_bound.patch
>http://butcher.heavennet.ru/ipfw_bound/CURRENT/bound_change.patch
>
>For RELENG_5:
>http://butcher.heavennet.ru/ipfw_bound/RELENG_5/ipfw_bound.patch
>http://butcher.heavennet.ru/ipfw_bound/RELENG_5/bound_change.patch
>
>For RELENG_5_4:
>http://butcher.heavennet.ru/ipfw_bound/RELENG_5_4/ipfw_bound.patch
>http://butcher.heavennet.ru/ipfw_bound/RELENG_5_4/bound_change.patch
>

Andrey, simple testing on RELENG_5_4 and RELENG_5 went fine.
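
Added example, not part of the thread and not the patch's code: a small Python model of the "bound" / "check-bound" semantics as the quoted announcement describes them, applied to its second rule set. The host address, the byte limit, the strict less-than comparison, counting bytes only on a match, and the default deny are assumptions.

```python
# Toy model of the announced "bound" / "check-bound" rule options.
# Not the patch's implementation; lines marked ASSUMPTION are not stated in the mail.
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Rule:
    num: int
    action: str                         # "allow" or "deny"
    match: Callable[[dict], bool]       # ordinary rule body (addresses, direction)
    bound: Optional[int] = None         # "bound VALUE", in bytes
    check_bound: Optional[int] = None   # "check-bound NUM"
    counter: int = 0                    # per-rule byte counter


def option_ok(rule, rules):
    """Evaluate the bound / check-bound option of one rule."""
    if rule.bound is not None and rule.counter >= rule.bound:
        return False                    # ASSUMPTION: "below" means strictly less than
    if rule.check_bound is not None:
        target = rules.get(rule.check_bound)
        if target is None or target.bound is None:
            return False                # per the NOTE: rule NUM has no bound -> match fails
        if target.counter >= target.bound:
            return False
    return True


def evaluate(rules, pkt):
    """First-match evaluation in rule-number order; returns (action, rule number)."""
    for num in sorted(rules):
        r = rules[num]
        if r.match(pkt) and option_ok(r, rules):
            r.counter += pkt["len"]     # ASSUMPTION: bytes are counted only on a match
            return r.action, num
    return "deny", None                 # ASSUMPTION: default deny when nothing matches


def build_example(limit):
    """Second rule set from the mail, with a constructed host and byte limit."""
    host = "192.0.2.10"                 # constructed stand-in for A.B.C.D
    rs = [
        Rule(100, "allow", lambda p: p["src"] == host and p["dir"] == "out", check_bound=200),
        Rule(200, "allow", lambda p: p["dst"] == host and p["dir"] == "in", bound=limit),
        Rule(300, "deny", lambda p: True),
    ]
    return {r.num: r for r in rs}
```

Under these assumptions the bound is checked before the packet is counted, so the packet that crosses the limit is still passed and the counter can overshoot the bound by up to one packet.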