traffic accounting per username with ipfw in 5.4 ? (more)

Andrew P. infofarmer at
Tue Oct 25 00:37:05 PDT 2005

On 10/25/05, user <user at> wrote:
> Hello,
> On Tue, 25 Oct 2005, Andrew P. wrote:
> > On 10/25/05, user <user at> wrote:
> > >
> > > I remember that ipfw had been augmented some time ago to do traffic
> > > counting, etc., based on usernames ... but I see no mention of that in the
> > > ipfw man page on my 5.4-RELEASE system.
> > >
> > > Is this something that only exists in IPFW2 ?  Does ipfw2 even exist
> > > anymore ?
> > >
> > > Can someone clarify for me what is going on with regard to what used to be
> > > called IPFW2, FreeBSD 5.x, and per-user traffic counting ?
> > >
> > > thanks.
> >
> > ipfw2 replaced ipfw in 5.x
> >
> > Read the manpage more carefully, please. Search
> > for "uid" option.
> Thanks - I was searching for username and getting nowhere.  Also, thank
> you for the clarification regarding ipfw2/ipfw and their current state.
> I notice that the traffic accounting per uid only applies to traffic
> initiated by that user, and initiated from the local machine.  If I scp a
> file away from the machine (as user X) the traffic does not get
> incremented, and if I scp a file to the local machine (as user X) it also
> does not get incremented - even though those are non-anonymous actions
> that occur under the auspices of a particular username.
> Does anyone have any suggestions for traffic accounting (of particularly
> ssh traffic) on a per user basis, for _all_ traffic that occurs under the
> auspices of that username, and not just what _they themselves_ initiate,
> personally, in their own login shell ?
> Thank you.

ipfw looks at the owner of a process, sshd in your
case. If you really need to account the not-locally-
initiated ssh traffic, start another sshd running as
the user (on another port), and connect to that
port [you can easily allow a user to connect only
to a selected server by editing sshd_config].

Anyway, try thinking logically. How could ipfw
ever know which user traffic belongs to if all
authentication is handled by sshd internally?
Otherwise, it would be a security hole (though
some actions can certainly be logged to limited-
access log files).

Hassle-free solutions, i.e. complex accounting
systems, come for money. Though, whatever
problem you might have, I'm sure somehow that
there's another way.

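As an added example (not code from the thread, from the poster, or from FreeBSD), a shell script that generates the ipfw2 "uid" count rules and the per-user sshd setup the reply above describes. The user name alice, the port 2222, the home directory /home/alice, the rule numbers 1000-1002 and the DSA host key path are assumptions made for the example; the ipfw and sshd_config syntax is the real 5.x-era syntax.

```sh
#!/bin/sh
# Added example, not code from the thread: per-user traffic accounting
# with ipfw2 "uid" rules, plus the per-user sshd that the reply suggests.
# Assumed: FreeBSD 5.x ipfw2 syntax, a hypothetical user "alice", a
# hypothetical port 2222 for her private sshd, and /home/alice as her home.

# Emit ipfw rules in the one-rule-per-line form that "ipfw <file>" loads.
# $1 = user, $2 = first rule number, $3 = port of the per-user sshd.
gen_uid_count_rules() {
    user=$1; base=$2; port=$3
    # "uid" matches the owner of the local socket a packet belongs to, so
    # this only ever sees traffic of processes running as $user on this
    # host; an scp into alice's home through the root-owned sshd on port
    # 22 is invisible here (the behaviour the question complains about).
    printf 'add %d count ip from any to any uid %s\n' "$base" "$user"
    # "count" never terminates the search, so these two give a second,
    # ssh-only view of the same packets: everything to and from the
    # per-user sshd port.  They still match on uid because that sshd runs
    # as $user, hence its listening and accepted sockets carry her uid.
    printf 'add %d count tcp from any to me %d uid %s\n' "$((base + 1))" "$port" "$user"
    printf 'add %d count tcp from me %d to any uid %s\n' "$((base + 2))" "$port" "$user"
}

# Minimal sshd_config for the per-user daemon.  It listens on the private
# port and admits only that user; password authentication is off because
# a daemon that is not root cannot read /etc/master.passwd, so public keys
# are the only way in.  The system sshd_config gets the mirror image,
# "DenyUsers alice", which is the sshd_config edit the reply alludes to.
# Host key (assumed path): ssh-keygen -t dsa -N '' -f ~/.ssh/ssh_host_dsa_key
gen_user_sshd_config() {
    user=$1; port=$2; home=/home/$user
    cat <<EOF
Port $port
HostKey $home/.ssh/ssh_host_dsa_key
PidFile $home/.ssh/sshd.pid
AllowUsers $user
PasswordAuthentication no
EOF
}

# Command line the user runs herself (e.g. from a cron @reboot entry).
# Because the process runs as $user, every socket it opens is accounted
# to her by the uid rules above.
per_user_sshd_cmd() {
    user=$1; home=/home/$user
    printf '/usr/sbin/sshd -f %s/.ssh/sshd_config\n' "$home"
}

# Print the ruleset; on the firewall host, redirect it to a file and load
# that file with "ipfw <file>".
gen_uid_count_rules alice 1000 2222
```

To read the counters, `ipfw show 1000-1002` (the same as `ipfw -a list`) prints packet and byte counts per rule, and `ipfw zero 1000 1001 1002` resets them at the end of an accounting period. The first rule still only sees traffic of sockets owned by alice's own processes, which is exactly why the second sshd is needed: it moves her ssh sessions onto sockets she owns.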