On 6/27/06, McLone <[EMAIL PROTECTED]> wrote:
We have many clients here, so I wanted to do it on my freebsd6 router, with a simple cron job switching tables in PF, but pf doesn't support a thing like "give EACH ip in that table N kbits/s".
Yes, what you want is a list.
So I have one option now - write some pf.conf preprocessor, with some frontend to edit it.
If you know python, check out dfd_keeper. There is an OpenBSD port here: http://www.lightconsulting.com/~travis/OpenBSD/

Basically you can, from a script that uses nc/netcat, add or delete from a list relatively trivially. It then renders the ruleset and loads it into pf. It looks intimidating at first but isn't really. You have my permission to use it in your commercial environment.

Once installed, you need to write a short python script; there is an example in the dist (but it doesn't get installed by the port yet, sorry).

If you have any further questions, or if you want [paid] help implementing it, email me.

-- 
"I sometimes have delusions of adequacy" -- Woody Allen
Security "guru" for rent or hire - http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
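The "render a ruleset from a list" idea discussed above, as an added example that is not part of the thread and is not dfd_keeper's code: a minimal pf.conf preprocessor that gives each client IP its own ALTQ queue, since pf has no per-IP rate in a table. The interface name, the parent bandwidth and the client addresses are constructed sample values. Because the client list is edited through a frontend, the generator validates each entry before it ever reaches pfctl, so a malformed address or rate cannot end up inside the rendered ruleset.

```python
"""Minimal pf.conf preprocessor: one ALTQ CBQ queue per client IP.

Added example; not dfd_keeper's code. Interface name, parent bandwidth
and the client table below are constructed sample values (assumptions).
"""
import ipaddress
import subprocess
import tempfile

# Constructed sample client table: IPv4 address -> rate in kbit/s.
SAMPLE_CLIENTS = {
    "192.0.2.11": 512,
    "192.0.2.10": 256,
    "192.0.2.12": 128,
}


def queue_name(ip: str) -> str:
    """pf queue names must be plain identifiers, so dots become underscores."""
    return "q_" + ip.replace(".", "_")


def validate_clients(clients: dict) -> dict:
    """Return a cleaned copy of the client table or raise ValueError.

    The table is untrusted input to the rule generator (a frontend edits
    it), so every address must parse as IPv4 and every rate must be a
    positive integer. ipaddress.ip_address rejects anything that is not
    a bare address, e.g. a string carrying extra pf syntax.
    """
    cleaned = {}
    for ip, kbps in clients.items():
        addr = ipaddress.ip_address(ip)  # ValueError on junk
        if addr.version != 4:
            raise ValueError(f"only IPv4 supported: {ip}")
        if isinstance(kbps, bool) or not isinstance(kbps, int) or kbps <= 0:
            raise ValueError(f"bad rate for {ip}: {kbps!r}")
        cleaned[str(addr)] = kbps
    return cleaned


def render_pf_conf(clients: dict, iface: str = "em1", parent_kbps: int = 10000) -> str:
    """Render ALTQ queue definitions plus one pass rule per client.

    Child queues of a CBQ parent must not exceed the parent's bandwidth,
    so over-subscription is refused here instead of failing in pfctl.
    """
    clients = validate_clients(clients)
    total = sum(clients.values())
    if total >= parent_kbps:
        raise ValueError(f"clients need {total}Kb, parent has {parent_kbps}Kb")
    ordered = sorted(clients, key=ipaddress.IPv4Address)
    names = ["q_default"] + [queue_name(ip) for ip in ordered]

    lines = [
        f"altq on {iface} cbq bandwidth {parent_kbps}Kb queue {{ {' '.join(names)} }}",
        f"queue q_default bandwidth {parent_kbps - total}Kb cbq(default)",
    ]
    for ip in ordered:
        lines.append(f"queue {queue_name(ip)} bandwidth {clients[ip]}Kb")
    lines.append("")
    for ip in ordered:
        lines.append(f"pass out on {iface} to {ip} queue {queue_name(ip)}")
    return "\n".join(lines) + "\n"


def load_ruleset(conf_text: str) -> int:
    """Write the rendered ruleset to a temp file and load it with pfctl -f.

    Returns pfctl's exit status; requires root and a pf-enabled host, so it
    is not exercised by the stand-alone run below.
    """
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(conf_text)
        path = fh.name
    return subprocess.run(["pfctl", "-f", path]).returncode


if __name__ == "__main__":
    print(render_pf_conf(SAMPLE_CLIENTS))
```

A cron job or a tiny netcat-driven listener would then call `render_pf_conf` on the current client table and hand the result to `load_ruleset`; the validation step is what keeps a stray entry in the table from becoming a syntax error, or an unintended rule, at load time.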