From owner-freebsd-net Fri Sep 8 4:25:32 2000 Delivered-To: freebsd-net@freebsd.org Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184]) by hub.freebsd.org (Postfix) with ESMTP id C1D6C37B424 for ; Fri, 8 Sep 2000 04:25:26 -0700 (PDT) Received: (from luigi@localhost) by info.iet.unipi.it (8.9.3/8.9.3) id NAA33256; Fri, 8 Sep 2000 13:26:13 +0200 (CEST) (envelope-from luigi) From: Luigi Rizzo Message-Id: <200009081126.NAA33256@info.iet.unipi.it> Subject: Re: useripacct In-Reply-To: from Paul Herman at "Sep 8, 2000 01:18:13 pm" To: Paul Herman Date: Fri, 8 Sep 2000 13:26:13 +0200 (CEST) Cc: Ramses Smeyers , freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > ipfw doesn't implement quotas, but yes you would have to have a > separate rule for each uid/gid -- agreed, not so efficient for ipfw to > do. Not really. There are several pieces now in ipfw/dummynet which can generate rules and pipes from a template, (see the keep-state rules and the "mask" specifier in dummynet pipes), so the implementation of per-uid quotas would be efficient and rather trivial (basically a small modification to dynamic pipes where you just check the quota). > Other than that, I can imagine an optional external daemon similar to > natd(8) which enforces network quotas via a "divert" ipfw rule. killing performance in the meantime... cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message