From owner-freebsd-net  Fri Sep  8  4:18:30 2000
Delivered-To: freebsd-net@freebsd.org
Received: from mail2.netcologne.de (mail2.netcologne.de [194.8.194.103])
	by hub.freebsd.org (Postfix) with ESMTP
	id D5E0D37B424; Fri,  8 Sep 2000 04:18:23 -0700 (PDT)
Received: from bagabeedaboo.security.at12.de (dial-213-168-73-75.netcologne.de [213.168.73.75])
	by mail2.netcologne.de (8.9.3/8.9.3) with ESMTP id NAA22516;
	Fri, 8 Sep 2000 13:18:21 +0200 (MET DST)
Received: from localhost (localhost.security.at12.de [127.0.0.1])
	by bagabeedaboo.security.at12.de (8.11.0/8.11.0) with ESMTP id e88BIDe02678;
	Fri, 8 Sep 2000 13:18:13 +0200 (CEST)
	(envelope-from pherman@frenchfries.net)
Date: Fri, 8 Sep 2000 13:18:13 +0200 (CEST)
From: Paul Herman <pherman@frenchfries.net>
To: Ramses Smeyers <fatman@khk.org>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: useripacct
In-Reply-To: <Pine.LNX.4.21.0009081130380.3845-100000@walhalla.sin.khk.be>
Message-ID: <Pine.BSF.4.21.0009081300020.327-100000@bagabeedaboo.security.at12.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


[ ...brought over to freebsd-net... ]

On Fri, 8 Sep 2000, Ramses Smeyers wrote:

> > ipfw(8) in FreeBSD can count packets/bytes based on uid and gid (based
> > on local socket credentials.)
> 
> are we then talking about a rule for every user?, and can this system be
> used as disk quota, so with hard and soft quota (like
> useripacct) does. The aim of the useripacct patch is to give a user 200MB
> traffic for one month, and let their traffic block after those 200MB are
> used. To implement this in freebsd, do I have to place a rule for every
> user, this is like not scalable, and is their a daemon available to
> control the IP flow and block users if it has to be done ?

ipfw doesn't implement quotas, but yes you would have to have a
separate rule for each uid/gid -- agreed, not so efficient for ipfw to
do.

BTW, this topic has been brushed by the freebsd-net crowd before, so
you might want to arm yourself :) and browse the freebsd-net mail
archive first (try keywords like "ipfw", "quota", ...)

   http://www.freebsd.org/search/search.html

Other than that, I can imagine an optional external daemon similar to
natd(8) which enforces network quotas via a "divert" ipfw rule.  
Whether or not network quotas are a good thing(tm) is a whole other
question all together... :)

-Paul.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message