> Anyways, the _real_ problem is that traditionally, I'd used firewall > rules for accounting as well as security. To that end, labels are > very cool. However, they have one rather large defect: > > If you're dealing with keep state rules, there seems to be no obvious > way to account for incoming vs. outgoing traffic. The label only > reports total traffic for the state matching the rule... which is both > in and out.
This is a workaround, but I found that ipfw's count rules are pretty useful for this purpose. This would however add processing overhead for each packet especially using gigabit Ethernet. Regards, -- Jeremie Le Hen jeremie at le-hen dot org _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
