Limiting bandwidth

> One question remains though. To count the total traffic from a certain IP
> range, should a separate PF rule with a label be used? If so, how can I
> reset only the label's statistics whenever I want to?

PF already maintains counters for each entry in a table; add -v when
showing a table to see them. So, explaining in pseudo format, I'd try
something like

table <over10gb> persist;
table <myiprange> persist {,, ... }

pass in all
pass out from <myiprange> to any
pass out from <over10gb> to any queue overlimit

You need a cronjob at midnight to flush the over10gb table, and zero
the counters for myiprange.
A second cronjob would do "pfctl -t myiprange -vT show", add up the
numbers, and spit out any IPs that are over into
"pfctl -t over10gb -T add $SOMEIPS"

Hopefully that's enough to get you started, or at least an idea of
some way to approach it.
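
The "add up the numbers" step of the second cron job, as an added example that is not part of the original post: a filter that reads `pfctl -t myiprange -vT show` output and prints the addresses over a byte limit. It assumes the table keeps per-address counters and that the total wanted is In/Pass plus Out/Pass bytes; the function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Print every address whose passed traffic exceeds a byte limit, reading
# `pfctl -t <table> -vT show` output on stdin.
# Assumption: the numbers to add up are the In/Pass and Out/Pass byte counts.
over_limit() {
    # $1: byte limit; defaults to 10 GiB to match the <over10gb> table name
    awk -v limit="${1:-10737418240}" '
        function emit() {
            if (addr != "" && total > limit) print addr
            addr = ""
        }
        # An address line is the only kind of line with a single field.
        NF == 1 { emit(); addr = $1; total = 0; next }
        # Counter line layout: In/Pass: [ Packets: N Bytes: N ]
        $1 ~ /^(In|Out)\/Pass:$/ {
            for (i = 2; i < NF; i++)
                if ($i == "Bytes:") total += $(i + 1)
        }
        END { emit() }
    '
}

# Constructed sample in the layout pfctl prints (not captured output).
sample_pfctl_output() {
    cat <<'EOF'
   192.0.2.10
	Cleared:     Mon Jan  1 00:00:00 2024
	In/Block:    [ Packets: 900                Bytes: 9000000000         ]
	In/Pass:     [ Packets: 400                Bytes: 4000000000         ]
	Out/Block:   [ Packets: 0                  Bytes: 0                  ]
	Out/Pass:    [ Packets: 500                Bytes: 5000000000         ]
   192.0.2.20
	Cleared:     Mon Jan  1 00:00:00 2024
	In/Block:    [ Packets: 0                  Bytes: 0                  ]
	In/Pass:     [ Packets: 600                Bytes: 6000000000         ]
	Out/Block:   [ Packets: 0                  Bytes: 0                  ]
	Out/Pass:    [ Packets: 600                Bytes: 6000000000         ]
   192.0.2.30
	Cleared:     Mon Jan  1 00:00:00 2024
	In/Pass:     [ Packets: 0                  Bytes: 0                  ]
	Out/Pass:    [ Packets: 0                  Bytes: 0                  ]
EOF
}

# Cron wiring (one possible form, using the commands named in the post):
#   pfctl -t myiprange -vT show | over_limit | xargs -r pfctl -t over10gb -T add
# Midnight reset:
#   pfctl -t over10gb -T flush; pfctl -t myiprange -T zero
```

Blocked bytes are deliberately left out of the total, so 192.0.2.10 in the sample stays under the limit even though its In/Block counter is large.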


