Date: Mon, 14 Feb 2005 10:43:53 +0100
From: Jeremie Le Hen <jeremie@le-hen.org>
To: David Gilbert <dgilbert@dclg.ca>
Cc: freebsd-net@freebsd.org
Subject: Re: altq for vlans?
Message-ID: <20050214094353.GX82324@obiwan.tataz.chchile.org>
In-Reply-To: <16912.11613.216501.589279@canoe.dclg.ca>
References: <16911.51264.86063.604597@canoe.dclg.ca> <200502140157.36085.max@love2party.net> <16912.11613.216501.589279@canoe.dclg.ca>

> Anyways, the _real_ problem is that traditionally, I'd used firewall
> rules for accounting as well as security.  To that end, labels are
> very cool.  However, they have one rather large defect:
>
> If you're dealing with keep state rules, there seems to be no obvious
> way to account for incoming vs. outgoing traffic.  The label only
> reports total traffic for the state matching the rule... which is both
> in and out.

This is a workaround, but I found that ipfw's count rules are pretty
useful for this purpose.  This would however add processing overhead
for each packet especially using gigabit Ethernet.

Regards,
-- 
Jeremie Le Hen
jeremie at le-hen dot org
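
Per-direction accounting with ipfw count rules, as suggested in the reply above, shown as an added example that is not part of the original message. The interface names (vlan10, vlan20), rule numbers, counter values and function names are constructed; the sample text follows the `ipfw -a list` column layout (rule number, packets, bytes, rule body).

```shell
#!/bin/sh
# One count rule per direction and interface, placed ahead of the
# stateful rule so every packet is counted before state matching
# (rule numbers and interfaces are hypothetical):
#   ipfw add 1000 count ip from any to any in  recv vlan10
#   ipfw add 1010 count ip from any to any out xmit vlan10

# Constructed sample of `ipfw -a list` output, embedded so this runs offline.
sample_counters() {
    cat <<'EOF'
01000  1520  1893200 count ip from any to any in recv vlan10
01010   980   412300 count ip from any to any out xmit vlan10
01020   300    45000 count ip from any to any in recv vlan20
01030   210    30500 count ip from any to any out xmit vlan20
65000  3010  2381000 allow ip from any to any keep-state
65535     0        0 deny ip from any to any
EOF
}

# direction_bytes DIR IFACE: sum the byte counters (column 3) of count
# rules that match the given direction and interface. Reads stdin.
direction_bytes() {
    awk -v dir="$1" -v ifc="$2" '
        $4 == "count" {
            d = ""; n = ""
            for (i = 5; i <= NF; i++) {
                if ($i == "in" || $i == "out") d = $i
                if ($i == "recv" || $i == "xmit" || $i == "via") n = $(i + 1)
            }
            if (d == dir && n == ifc) sum += $3
        }
        END { print sum + 0 }'
}

# Report per interface; on a live host replace sample_counters with
# `ipfw -a list`.
for ifc in vlan10 vlan20; do
    printf '%s in=%s out=%s bytes\n' "$ifc" \
        "$(sample_counters | direction_bytes in "$ifc")" \
        "$(sample_counters | direction_bytes out "$ifc")"
done
```

The keep-state rule's own counter (2381000 in the sample) is the combined in-and-out figure that the quoted text describes; the count rules are what split it by direction.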