From: "Jon Simola"
To: "Erik Danielsson"
Cc: freebsd-pf@freebsd.org
Date: Thu, 21 Aug 2008 00:21:15 -0700
Subject: Re: Limiting bandwidth
Message-ID: <8eea04080808210021v68b34d2cxb07573f8888b25bf@mail.gmail.com>
References: <48AC1BCE.3050109@quis.cx>
List-Id: "Technical discussion and general questions about packet filter (pf)"

On Wed, Aug 20, 2008 at 10:07 PM, Erik Danielsson wrote:

> One question remains though. To count the total traffic from a certain IP
> range, should a separate PF rule with a label be used? If so, how can I
> reset only the label's statistics whenever I want to?

PF already maintains counters for each entry in a table; add -v when showing a table to see them.

So, explaining in pseudo format, I'd try something like:

    table <over10gb> persist
    table <myiprange> persist { 10.0.0.1, 10.0.0.2, ... }

    pass in all
    pass out from <myiprange> to any
    pass out from <over10gb> to any queue overlimit

You need a cronjob at midnight to flush the over10gb table, and zero the counters for myiprange. A second cronjob would do "pfctl -t myiprange -vT show", add up the numbers, and spit out any IPs that are over into "pfctl -t over10gb -T add $SOMEIPS".

Hopefully that's enough to get you started, or at least an idea of some way to approach it.

-- 
Jon
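The two cron jobs described in the message above, sketched as an added example that is not part of the original mail. The function names, the 10 GiB threshold (inferred from the table name), the choice to sum only In/Pass and Out/Pass bytes, and the constructed sample output are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
LIMIT=10737418240   # 10 GiB in bytes (assumption based on the table name over10gb)

# over_limit LIMIT: read "pfctl -t <table> -vT show" output on stdin and print
# every address whose passed bytes (In/Pass + Out/Pass) exceed LIMIT.
over_limit() {
    awk -v limit="$1" '
        function emit() { if (addr != "" && bytes > limit) print addr }
        # An address line is a single field; counter lines have several.
        NF == 1 { emit(); addr = $1; bytes = 0; next }
        $1 == "In/Pass:" || $1 == "Out/Pass:" {
            for (i = 2; i < NF; i++) if ($i == "Bytes:") bytes += $(i + 1)
        }
        END { emit() }
    '
}

# Periodic job: move addresses that exceeded the limit into over10gb.
# Needs root and a loaded ruleset that defines both tables.
enforce() {
    pfctl -t myiprange -vT show | over_limit "$LIMIT" |
    while read -r ip; do
        pfctl -t over10gb -T add "$ip"
    done
}

# Midnight job: empty the penalty table and zero the per-address counters.
midnight_reset() {
    pfctl -t over10gb -T flush
    pfctl -t myiprange -T zero
}

# Constructed sample in the layout of "pfctl -t myiprange -vT show".
sample_output() {
    cat <<'EOF'
   10.0.0.1
    Cleared:     Thu Aug 21 00:00:01 2008
    In/Block:    [ Packets: 0        Bytes: 0        ]
    In/Pass:     [ Packets: 1200     Bytes: 400000   ]
    Out/Block:   [ Packets: 0        Bytes: 0        ]
    Out/Pass:    [ Packets: 900      Bytes: 300000   ]
   10.0.0.2
    Cleared:     Thu Aug 21 00:00:01 2008
    In/Block:    [ Packets: 3        Bytes: 180      ]
    In/Pass:     [ Packets: 2100     Bytes: 600000   ]
    Out/Block:   [ Packets: 0        Bytes: 0        ]
    Out/Pass:    [ Packets: 1800     Bytes: 700000   ]
EOF
}
```

Running `sample_output | over_limit 1000000` exercises the parser without touching pf; `enforce` and `midnight_reset` are what the two cron entries would call.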