On Wed, 7 Jun 2000, Poul-Henning Kamp wrote:
> It should be possible to say say
>
> ipfw deny all ip from any to any exquota any
>
> as well as:
>
> ipfw deny all ip from any to any exquota guest
Do you say that in principle you agree with the "quota action, but you want
the "exquota" condition be qualified by a particular quota name as sketched in
your example? This is fine with me and I'll implement it.
I'll disallow the name "any" for quota names. This is not exactly pretty, but
I still think that named quotas are more flexible then numeric ones. I'd even
propose that the dummynet pipes also be named, I'd volunteer to do
this. Performance wise this will be pretty neutral, as a pointer to the pipe
(or quota) is cached.
This directly leads to the question whether I should perform any checks on the
quota names passed to the kernel by the user. If I don't do this, they could
contains spaces and funny european characters, which may or may not be
acceptable. I'd say that the kernel should not restrict the names, but ipfw
should propably only accept numbers and C-style identifiers.
-Hans
--
finger [EMAIL PROTECTED] for details
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
