From owner-freebsd-net Fri Sep 8 10:49:48 2000 Delivered-To: freebsd-net@freebsd.org Received: from urban.iinet.net.au (urban.iinet.net.au [203.59.24.231]) by hub.freebsd.org (Postfix) with ESMTP id AD89437B422 for ; Fri, 8 Sep 2000 10:49:43 -0700 (PDT) Received: from jules.elischer.org (reggae-34-156.nv.iinet.net.au [203.59.167.156]) by urban.iinet.net.au (8.8.7/8.8.7) with SMTP id BAA10570; Sat, 9 Sep 2000 01:48:33 +0800 Message-ID: <39B9266B.41C67EA6@elischer.org> Date: Fri, 08 Sep 2000 10:48:27 -0700 From: Julian Elischer X-Mailer: Mozilla 3.04Gold (X11; I; FreeBSD 5.0-CURRENT i386) MIME-Version: 1.0 To: Luigi Rizzo Cc: Paul Herman , Ramses Smeyers , freebsd-net@FreeBSD.ORG Subject: Re: useripacct References: <200009081126.NAA33256@info.iet.unipi.it> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Luigi Rizzo wrote: > > > ipfw doesn't implement quotas, but yes you would have to have a > > separate rule for each uid/gid -- agreed, not so efficient for ipfw to > > do. > > Not really. > There are several pieces now in ipfw/dummynet which can generate > rules and pipes from a template, (see the keep-state rules and the > "mask" specifier in dummynet pipes), so the implementation of > per-uid quotas would be efficient and rather trivial (basically a > small modification to dynamic pipes where you just check the quota). > > > Other than that, I can imagine an optional external daemon similar to > > natd(8) which enforces network quotas via a "divert" ipfw rule. > > killing performance in the meantime... write a netgraph module to do it.. > > cheers > luigi > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message -- __--_|\ Julian Elischer / \ julian@elischer.org ( OZ ) World tour 2000 ---> X_.---._/ presently in: Perth v To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message