Calomel <[EMAIL PROTECTED]> writes:

> Can PF be written to filter client connections based on the total amount of
> bandwidth a remote client uploads/downloads over a given time frame?  As
> far as I know PF does _NOT_ have this ability.

Well, you already have the possibility of using variables such as
$srcaddr to construct your labels, creating essentially per-client
statistics.  If you write a program that's able to read those
statistics and act upon them, you could for example have your program
move addresses from one table to another based on the accumulated
statistics such as total bytes or packets passed from a specific
address.  The next and final step would be to write your rules with
various-sized queues and logic to assign traffic to queues based on
table membership.

Supply that well-written program and easy to use program (for
PF/OpenBSD values of), and I would think you're a lot closer to a
solution that would fit the basic requirements, i.e. adding flexibility
without adding clutter to the system at the same time.

Just my EUR 0.02, and maybe better ideas will be had by morning.

All the best,
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
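
The approach described in the message above, sketched as an added example that is not part of the original post: it reads per-label byte counters as printed by `pfctl -sl`, totals them per client, and builds the `pfctl -t <table> -T add/delete` commands that move heavy clients to another table. Assumptions: rules carry a label of the form `client-$srcaddr`, the tables are named `normal` and `heavy` (hypothetical names), and the `pfctl -sl` columns start with label, evaluations, packets, bytes; the sample output is constructed.

```python
import ipaddress

# Constructed sample of `pfctl -sl` output. Assumed column order:
# label, evaluations, packets, bytes, then per-direction counters.
SAMPLE_LABELS = """\
client-192.0.2.10 1520 980 734003200 400 1200000 580 732803200
client-192.0.2.11 310 120 52000 60 20000 60 32000
client-192.0.2.10 88 40 400000000 10 1000 30 399999000
ssh-in 5000 4000 900000000 2000 1000 2000 899999000
client-not-an-address 1 1 1 1 1 0 0
"""

LABEL_PREFIX = "client-"   # hypothetical: rules use label "client-$srcaddr"
NORMAL_TABLE = "normal"    # hypothetical table names referenced by the
HEAVY_TABLE = "heavy"      # queue-assignment rules in pf.conf


def bytes_per_client(labels_output, prefix=LABEL_PREFIX):
    """Sum the bytes column over all labels belonging to the same address."""
    totals = {}
    for line in labels_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(prefix):
            continue  # unrelated label or truncated line
        try:
            addr = str(ipaddress.ip_address(fields[0][len(prefix):]))
            nbytes = int(fields[3])
        except ValueError:
            continue  # label suffix is not an address, or counter not numeric
        totals[addr] = totals.get(addr, 0) + nbytes
    return totals


def plan_moves(totals, limit_bytes, already_heavy=frozenset()):
    """Return pfctl argument lists moving over-limit clients to HEAVY_TABLE."""
    cmds = []
    for addr in sorted(totals):
        if totals[addr] > limit_bytes and addr not in already_heavy:
            cmds.append(["pfctl", "-t", NORMAL_TABLE, "-T", "delete", addr])
            cmds.append(["pfctl", "-t", HEAVY_TABLE, "-T", "add", addr])
    return cmds


if __name__ == "__main__":
    # Print the plan only; a real deployment would run these as root.
    for cmd in plan_moves(bytes_per_client(SAMPLE_LABELS), 2**30):
        print(" ".join(cmd))
```

The functions only build the command lists, so the plan can be reviewed or logged before anything touches the running ruleset.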