From owner-freebsd-questions@FreeBSD.ORG  Thu Feb  8 11:04:34 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2301516A401
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Feb 2007 11:04:34 +0000 (UTC) (envelope-from peter@bsdly.net)
Received: from skapet.datadok.no (skapet.datadok.no [194.54.107.19])
	by mx1.freebsd.org (Postfix) with ESMTP id B406313C471
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Feb 2007 11:04:33 +0000 (UTC) (envelope-from peter@bsdly.net)
Received: from thingy.bsdly.net
	([10.168.103.11] helo=thingy.datadok.no.bsdly.net ident=peter)
	by skapet.datadok.no with esmtp (Exim 4.62)
	(envelope-from <peter@bsdly.net>) id 1HF74q-0002kB-Nd
	for freebsd-questions@freebsd.org; Thu, 08 Feb 2007 12:04:32 +0100
To: freebsd-questions@freebsd.org
References: <45C99336.3010508@demax.sk>
From: peter@bsdly.net (Peter N. M. Hansteen)
Date: Thu, 08 Feb 2007 12:04:31 +0100
In-Reply-To: <45C99336.3010508@demax.sk> (Jan Sebosik's message of "Wed,
	07 Feb 2007 09:52:06 +0100")
Message-ID: <877iusuczk.fsf@thingy.datadok.no>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: Packet rate limiter
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2007 11:04:34 -0000

Jan Sebosik <sebosik@demax.sk> writes:

> is there any way how to limit packet per second [PPS] rate to specified
> IP (group of IP) ? 

The closest I can think of off the top of my head is defining a PF
rule set with queues (ALTQ), however you will be specifying bandwidth,
that is in bits per second (or k,M,G multiples of) of percentage of
available bandwidth, not number of packets.  Your groups of source
addresses could be maintained as tables for easy manipulation.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.