From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 13 11:26:35 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB829106566B for ; Thu, 13 Mar 2008 11:26:35 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from msrv.matik.com.br (msrv.matik.com.br [200.152.83.14]) by mx1.freebsd.org (Postfix) with ESMTP id 4C8908FC26 for ; Thu, 13 Mar 2008 11:26:35 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from anb.p.matik.com.br (anb.p.matik.com.br [200.152.83.34] (may be forged)) by msrv.matik.com.br (8.14.1/8.13.1) with ESMTP id m2DBQX2e082656; Thu, 13 Mar 2008 08:26:33 -0300 (BRT) (envelope-from asstec@matik.com.br) From: AT Matik Organization: Infomatik To: freebsd-ipfw@freebsd.org, vadim_nuclight@mail.ru Date: Thu, 13 Mar 2008 08:26:07 -0300 User-Agent: KMail/1.9.7 References: <200803122100.m2CL0t7V088955@freefall.freebsd.org> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200803130826.07875.asstec@matik.com.br> X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on msrv.matik.com.br X-Virus-Status: Clean Cc: Subject: Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Mar 2008 11:26:35 -0000 On Thursday 13 March 2008 06:21:11 Vadim Goncharov wrote: > Hi vwe@FreeBSD.org! > > On Wed, 12 Mar 2008 21:00:55 GMT; vwe@FreeBSD.org wrote about 'Re:=20 kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION': > > State-Changed-From-To: open->suspended > > State-Changed-By: vwe > > State-Changed-When: Wed Mar 12 20:58:32 UTC 2008 > > State-Changed-Why: > > Awaiting maintainer interest. > > This may be useful for one, so we're not just closing this silently. > > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D80642 > > Yes, this is useful, but some minor changes are needed, I think. First, > rename it to "bytelimit" or somewhat. Second, allow this to use tablearg > and possibly ability to reference a counter to corresponding dynamic rule, > to allow this to act for a specific IP or connection without need to write > many rules. Third, add packet counter as well. That's all possible with o= ne > opcode, though... I think the best would be that it works as "limit src-ip N" does, using=20 perhaps the limit keyword as well but as in ".... limit max-bytes N" what=20 would give sufficient possibilities for pass and skipto etc=20 =2D-=20 Atenciosamente, J.M. Respons=E1vel Plant=E3o Site Support Matik Infomatik Internet Technology (18)3551.8155 =A0(18)8112.7007 http://info.matik.com.br A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br