Sorry if I lost part of the discussion, but why don't you
just associate a quota with a rule and specify one of the
two possible results when exceeding quota:

    ipfw <action> <match pattern> match-upto 20MB
    ipfw <action> <match pattern> deny-above 20MB

where the first syntax does not match when the rule's counters
are above the quota, the second one denies the packet when above quota.
It looks trivial to implement and rather easy to understand.
You'd just need a new ipfw command to increase/decrease/set counters to
a specific value rather than just zero them.
cheers
luigi
-----------------------------------+-------------------------------------
Luigi RIZZO, [EMAIL PROTECTED] . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy)
Mobile +39-347-0373137
-----------------------------------+-------------------------------------
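
The two quota behaviours proposed in the message above, modelled as an added example (not ipfw code and not part of the original post). The rule layout, the port-only match pattern, the threshold check and the counting of denied packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum action { DENY, ALLOW };
enum quota_mode { NO_QUOTA, MATCH_UPTO, DENY_ABOVE };

struct rule {
    enum action action;   /* verdict when the rule matches */
    uint16_t port;        /* constructed match pattern: dst port, 0 = any */
    enum quota_mode mode;
    uint64_t quota;       /* bytes */
    uint64_t bytes;       /* per-rule byte counter */
};

/* First-match evaluation of one packet; default deny when nothing matches. */
enum action evaluate(struct rule *rules, size_t n, uint16_t port, uint32_t len)
{
    for (size_t i = 0; i < n; i++) {
        struct rule *r = &rules[i];
        if (r->port != 0 && r->port != port)
            continue;
        /* Assumption: the quota counts as exceeded once the counter reaches it. */
        int over = r->mode != NO_QUOTA && r->bytes >= r->quota;
        if (over && r->mode == MATCH_UPTO)
            continue;             /* rule no longer matches, later rules decide */
        r->bytes += len;          /* assumption: denied packets are counted too */
        return (over && r->mode == DENY_ABOVE) ? DENY : r->action;
    }
    return DENY;
}

/* Constructed scenario: rule 0 allows port 80 under a 3000-byte quota, rule 1 is
 * a catch-all with verdict `fallback`; `preset` models setting the counter to a
 * specific value. Returns how many of `count` 1000-byte packets pass. */
int allowed_of(enum quota_mode mode, enum action fallback, uint64_t preset, int count)
{
    struct rule rules[2] = {
        { ALLOW, 80, mode, 3000, preset },
        { fallback, 0, NO_QUOTA, 0, 0 },
    };
    int allowed = 0;
    for (int i = 0; i < count; i++)
        allowed += evaluate(rules, 2, 80, 1000) == ALLOW;
    return allowed;
}

int main(void)
{
    printf("deny-above: %d of 6 pass\n", allowed_of(DENY_ABOVE, ALLOW, 0, 6));
    return 0;
}
```

With an allow catch-all behind it, the match-upto rule lets over-quota traffic fall through and pass, while deny-above drops it at the quota rule itself; the order of later rules therefore matters only for match-upto.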