From owner-freebsd-net  Mon Jul 16 13: 2:25 2001
Delivered-To: freebsd-net@freebsd.org
Received: from kawoserv.kawo2.rwth-aachen.de (kawoserv.kawo2.RWTH-Aachen.DE [134.130.180.1])
	by hub.freebsd.org (Postfix) with ESMTP id BA43637B405
	for <freebsd-net@FreeBSD.org>; Mon, 16 Jul 2001 13:02:19 -0700 (PDT)
	(envelope-from alex@big.endian.de)
Received: from zerogravity.kawo2.rwth-aachen.de (zerogravity.kawo2.rwth-aachen.de [134.130.181.28])
	by kawoserv.kawo2.rwth-aachen.de (8.9.3/8.9.3) with ESMTP id WAA00976
	for <freebsd-net@FreeBSD.org>; Mon, 16 Jul 2001 22:02:18 +0200
Received: by zerogravity.kawo2.rwth-aachen.de (Postfix, from userid 1001)
	id 27C3E14DAB; Mon, 16 Jul 2001 22:02:18 +0200 (CEST)
Date: Mon, 16 Jul 2001 22:02:18 +0200
From: Alexander Langer <alex@big.endian.de>
To: freebsd-net@FreeBSD.org
Subject: IP accounting/filtering for bigger setups
Message-ID: <20010716220218.A7652@zerogravity.kawo2.rwth-aachen.d>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-PGP-Fingerprint: 44 28 CA 4C 46 5B D3 A8  A8 E3 BA F3 4E 60 7D 7F
X-PGP-at: finger alex@big.endian.de
X-Verwirrung: Dieser Header dient der allgemeinen Verwirrung.
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Hi!

We have to account the traffic of >450 IPs and also have to deny
traffic to/from a few IPs.

We are currently using a half-baken solution with ipfw and a
config with 6 rules for each IP, which makes the stuff quite
uncomfortable.
(on high network load, "ipfw list" takes minutes, we have to check
6 rules for each IP, ...)

We are now searching for other solutions and I wondered, if one could
recommend them.

I'd prefer something, that automatically accounts the traffic
for all routed IPs (and, if possible, with some exceptions, e.g.
only traffic, that leaves a certain subnet), and can also still deny
some traffic.

Anyone has some suggestions for us?

Thanks

Alex

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message