Limiting bandwidth

Jon Simola jsimola at gmail.com
Thu Aug 21 07:46:56 UTC 2008


On Wed, Aug 20, 2008 at 10:07 PM, Erik Danielsson <eridan911 at gmail.com> wrote:

> One question remains though. To count the total traffic from a certain IP
> range, should a separate PF rule with a label be used? If so, how can I
> reset only the label's statistics whenever I want to?

PF already maintains counters for each entry in a table; add -v when
showing a table to see them. So, explaining in pseudo format, I'd try
something like:

table <over10gb> persist
table <myiprange> persist { 10.0.0.1, 10.0.0.2, ... }

pass in all
pass out from <myiprange> to any
# the last matching rule wins, so addresses in <over10gb> use this queue
pass out from <over10gb> to any queue overlimit

You need a cronjob at midnight to flush the over10gb table, and zero
the counters for myiprange.
A second cronjob would do "pfctl -t myiprange -vT show", add up the
numbers, and spit out any IPs that are over into
"pfctl -t over10gb -T add $SOMEIPS".

Hopefully that's enough to get you started, or at least an idea of
some way to approach it.

-- 
Jon
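
The two cron jobs described above, sketched as an added example that is not part of the original message. It assumes the usual "pfctl -vT show" layout, a 10 GiB threshold, and that "the numbers" means In/Pass plus Out/Pass bytes; the sample output is constructed, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Midnight job (starts a new accounting period):
#   pfctl -t over10gb -T flush
#   pfctl -t myiprange -T zero
# Newer pf releases only keep per-address counters when the table is
# declared with the "counters" option.

LIMIT=10737418240   # 10 GiB in bytes (assumed threshold)

# Read "pfctl -t <table> -vT show" output on stdin and print every address
# whose passed traffic (In/Pass + Out/Pass bytes) exceeds the limit in $1.
over_limit_ips() {
    awk -v limit="$1" '
        NF == 1 { addr = $1; order[++n] = addr; next }   # address line
        $1 == "In/Pass:" || $1 == "Out/Pass:" { bytes[addr] += $6 }
        END {
            for (i = 1; i <= n; i++)
                if (bytes[order[i]] > limit + 0) print order[i]
        }'
}

# Constructed sample of the verbose table listing, for offline testing.
sample_output() {
    cat <<'EOF'
   10.0.0.1
    Cleared:     Thu Aug 21 00:00:00 2008
    In/Block:    [ Packets: 0          Bytes: 0           ]
    In/Pass:     [ Packets: 9100000    Bytes: 9000000000  ]
    Out/Block:   [ Packets: 0          Bytes: 0           ]
    Out/Pass:    [ Packets: 2500000    Bytes: 2000000000  ]
   10.0.0.2
    Cleared:     Thu Aug 21 00:00:00 2008
    In/Block:    [ Packets: 12         Bytes: 720         ]
    In/Pass:     [ Packets: 4100000    Bytes: 4000000000  ]
    Out/Block:   [ Packets: 0          Bytes: 0           ]
    Out/Pass:    [ Packets: 1200000    Bytes: 1000000000  ]
EOF
}

# Periodic job: run with --apply on the firewall itself.
if [ "${1:-}" = "--apply" ]; then
    ips=$(pfctl -t myiprange -vT show | over_limit_ips "$LIMIT")
    # $ips is left unquoted on purpose: one argument per address.
    if [ -n "$ips" ]; then pfctl -t over10gb -T add $ips; fi
fi
```

Blocked bytes are ignored in the sum, so only traffic that was actually passed counts toward the limit.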

