On 2015-12-31, Mark Carroll <m...@ixod.org> wrote:
> I was wondering recently what the biggest bandwidth hogs were on my home
> network at a certain moment. On Linux I use iftop on the router for
> this, but I wonder in OpenBSD if, rather than install the iftop package,
> there's something different -- more OpenBSD-ish -- I should be doing
> with clients to pflow or whatever to achieve this same near-instantaneous
> view of machines' Internet usage across the router (which NATs them from
> their LAN).

Others have mentioned systat for an instantaneous view. Or there are things like darkstat in ports. pflow (in combination with a netflow receiver program) is one way to get historical stats of traffic flows.

> Lately I've been reading about CARP and discovering that the packet
> filter code has all kinds of cool stuff built in for transparent
> load-balancing and failover. And, I like the keep-state stuff that lets
> me do things like rate-limit ssh connections. So, I'm thinking that PF
> may offer me all manner of wonders. So, I got to thinking today:
>
> I wondered about my kids' use of YouTube and suchlike, and I wondered if
> there's a good way of using PF on the router to give them a weekly
> download limit, perhaps cumulative over their devices, after which it
> gets limited to a slow crawl or even cut off. Is this (or some variant
> thereof) something that PF makes easy (any pointers?), or is tricky but
> clearly described in the latest Book of PF, or just not worth the effort
> of attempting -- any thoughts? I may have just picked the wrong web
> search terms, or maybe this just isn't yet at all easy.

The 'counters' flag for PF tables is probably the simplest way to get the data. You may want to cope with it being reset if rules are reloaded or the machine is restarted. You could throttle/block by adding the relevant addresses to a table which is referenced in a suitable rule.
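
An added example, not part of the original message: one way to turn the per-address counters of a table declared with `counters` into a cumulative quota that survives counter resets. It parses the verbose output of `pfctl -t <table> -T show -v`; the addresses, the sample output and the quota are constructed, and treating a changed `Cleared:` time as a reset is an assumption.

```python
import re

# Constructed sample, laid out like the `pfctl -t <table> -vTshow` output in pfctl(8).
SAMPLE = """\
   192.168.1.20
    Cleared:     Thu Dec 31 09:00:00 2015
    In/Block:    [ Packets: 0        Bytes: 0        ]
    In/Pass:     [ Packets: 900      Bytes: 1200000  ]
    Out/Block:   [ Packets: 0        Bytes: 0        ]
    Out/Pass:    [ Packets: 700      Bytes: 90000    ]
   192.168.1.21
    Cleared:     Thu Dec 31 09:00:00 2015
    In/Block:    [ Packets: 0        Bytes: 0        ]
    In/Pass:     [ Packets: 400      Bytes: 500000   ]
    Out/Block:   [ Packets: 0        Bytes: 0        ]
    Out/Pass:    [ Packets: 300      Bytes: 10000    ]
"""

FIELD = re.compile(r"^(Cleared|(?:In|Out)/\w+):\s+(.*)$")
BYTES = re.compile(r"Bytes:\s*(\d+)")

def parse_counters(text):
    """Return {address: [cleared_time, passed_bytes]} (In/Pass + Out/Pass)."""
    result, entry = {}, None
    for line in map(str.strip, text.splitlines()):
        m = FIELD.match(line)
        if m is None and line:
            entry = result[line] = ["", 0]      # a new address line
        elif m and entry is not None and m.group(1) == "Cleared":
            entry[0] = m.group(2)
        elif m and entry is not None and m.group(1).endswith("/Pass"):
            entry[1] += int(BYTES.search(m.group(2)).group(1))
    return result

def accumulate(state, current):
    """Fold one poll into state {addr: {"cleared", "last", "total"}} in place."""
    for addr, (cleared, raw) in current.items():
        e = state.setdefault(addr, {"cleared": cleared, "last": 0, "total": 0})
        # Counters started over (reload, reboot, -T zero): assumed to show up as
        # a changed Cleared time or a raw value below the last one seen.
        if cleared != e["cleared"] or raw < e["last"]:
            e["last"] = 0
        e["total"] += raw - e["last"]
        e["cleared"], e["last"] = cleared, raw
    return state

def over_quota(state, group, quota_bytes):
    """True when the devices in `group` have together used up the quota."""
    return sum(state[a]["total"] for a in group if a in state) >= quota_bytes
```

Saving `state` to disk between polls keeps the weekly total across restarts; once a group is over quota its addresses can be added with `pfctl -t <table> -T add <address>` to the table that the throttling or blocking rule references.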