Anatoliy.Poloz Anatoliy.Poloz at onetelecom.od.ua
Fri Apr 24 17:15:20 UTC 2009

Bill Moran wrote:
> In response to Daniel Dias Gonçalves <ddg at yan.com.br>:
>> Very good thinking, congratulations, but my need is another.
>> The objective is a Captive Portal that each authentication is 
>> dynamically created a rule to ALLOW or COUNT IP authenticated, which I'm 
>> testing is what is the maximum capacity of rules supported, therefore 
>> simultaneous user.
>> Understand ?
> If you're only doing allow, then you'd be better off using a table,
> which has much better performance than a bunch of separate rules.
> If you're counting packets, I don't know if that approach will work
> or not.
If you need to count IP traffic for all clients, you can use a simpler and
better-performing rule set, like this one:


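# bw 0 = no bandwidth limit; the full mask gives each client IP its own dynamic queue and counters
ipfw pipe 100 config bw 0 mask src-ip 0xffffffff
ipfw pipe 200 config bw 0 mask dst-ip 0xffffffff

# traffic from clients goes through pipe 100, traffic to clients through pipe 200
ipfw add 100 pipe 100 ip from ${LOCAL_NET} to any out
ipfw add 200 pipe 200 ip from any to ${LOCAL_NET} in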
