From: Giorgos Keramidas
To: Riccardo Giuntoli
Cc: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Date: Sun, 5 Jun 2005 21:13:15 +0300
Subject: Re: limit number of tcp connection for a GID
Message-ID: <20050605181315.GE16327@gothmog.gr>

On 2005-06-05 19:56, Riccardo Giuntoli wrote:
> Hi folks,
> Do you have any idea for limiting the number of tcp ESTABLISHED
> connections for a GID?

ipfw can match connections per uid/gid and it also has limiting
capabilities. When combined with dummynet, it can also enforce
bandwidth limits. See the ipfw(8) manpage for details.

I'm not sure if pf does this already. Even if it doesn't though, it
may be possible to write a transparent proxy that limits the
connections per uid/gid. The support for transparent proxies in pf
is awesome :-)