Date:      Thu, 21 Aug 2008 00:21:15 -0700
From:      "Jon Simola" <jsimola@gmail.com>
To:        "Erik Danielsson" <eridan911@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Limiting bandwidth
Message-ID:  <8eea04080808210021v68b34d2cxb07573f8888b25bf@mail.gmail.com>
In-Reply-To: <c66fe0350808202207id862b91xc118e39cb86acb0f@mail.gmail.com>
References:  <c66fe0350808200556m1c331936v3cfaea441176e455@mail.gmail.com> <48AC1BCE.3050109@quis.cx> <c66fe0350808202207id862b91xc118e39cb86acb0f@mail.gmail.com>

On Wed, Aug 20, 2008 at 10:07 PM, Erik Danielsson <eridan911@gmail.com> wrote:

> One question remains though. To count the total traffic from a certain IP
> range, should a separate PF rule with a label be used? If so, how can I
> reset only the labels statistics whenever I want to?

PF already maintains counters for each entry in a table; add -v when
showing a table to see them. So explaining in pseudo format, I'd try
something like:

table <over10gb> persist
table <myiprange> persist { 10.0.0.1, 10.0.0.2, ... }

pass in all
pass out from <myiprange> to any
pass out from <over10gb> to any queue overlimit

You need a cronjob at midnight to flush the over10gb table, and zero
the counters for myiprange. A second cronjob would do
"pfctl -t myiprange -vT show", add up the numbers, and spit out any
IPs that are over into "pfctl -t over10gb -T add $SOMEIPS".

Hopefully that's enough to get you started, or at least an idea of
some way to approach it.

-- 
Jon
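
A sketch of the two cron jobs described in the reply above, as an added example that is not part of the original message. It assumes a 10 GiB limit (from the table name), that the In/Pass and Out/Pass byte counts are the numbers to add up, and the verbose listing layout shown in the constructed sample; `over_limit` and `sample_output` are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not from the original message.
# Assumption: 10 GiB limit, taken from the table name over10gb.
LIMIT_BYTES=${LIMIT_BYTES:-10737418240}

# Reads "pfctl -t <table> -vT show" output on stdin and prints each address
# whose In/Pass + Out/Pass byte total exceeds $1 (blocked traffic is ignored).
over_limit() {
    awk -v limit="$1" '
        function emit() { if (addr != "" && total > limit) print addr }
        # Address lines hold one field; keep only address characters so that
        # nothing unexpected is ever handed to pfctl.
        NF == 1 { emit(); addr = ($1 ~ "^[0-9A-Fa-f:./]+$") ? $1 : ""; total = 0; next }
        $1 == "In/Pass:" || $1 == "Out/Pass:" {
            for (i = 2; i < NF; i++) if ($i == "Bytes:") total += $(i + 1)
        }
        END { emit() }'
}

# Constructed, trimmed sample of the verbose listing (not from a real host).
sample_output() {
    cat <<'EOF'
   10.0.0.1
    Cleared:     Thu Aug 21 00:00:00 2008
    In/Block:    [ Packets: 0        Bytes: 0           ]
    In/Pass:     [ Packets: 9000     Bytes: 1200000     ]
    Out/Block:   [ Packets: 0        Bytes: 0           ]
    Out/Pass:    [ Packets: 8000000  Bytes: 11000000000 ]
   10.0.0.2
    Cleared:     Thu Aug 21 00:00:00 2008
    In/Pass:     [ Packets: 4000     Bytes: 500000      ]
    Out/Block:   [ Packets: 9000000  Bytes: 20000000000 ]
    Out/Pass:    [ Packets: 3000     Bytes: 2000000     ]
   10.0.0.3
    Cleared:     Thu Aug 21 00:00:00 2008
    In/Pass:     [ Packets: 4500000  Bytes: 6000000000  ]
    Out/Pass:    [ Packets: 4000000  Bytes: 5000000000  ]
EOF
}

case "${1:-}" in
    check)  # frequent cron job: move hosts that are over the limit
        pfctl -t myiprange -vT show | over_limit "$LIMIT_BYTES" |
            while read -r ip; do pfctl -t over10gb -T add "$ip"; done ;;
    reset)  # midnight cron job: lift the throttle and restart the count
        pfctl -t over10gb -T flush
        pfctl -t myiprange -T zero ;;
esac
```

Run it as root from cron, with `reset` at midnight and `check` at whatever interval suits the accounting.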


