Good morning,

Can PF be written to filter client connections based on the total amount of bandwidth a remote client uploads/downloads over a given time frame? As far as I know PF does _NOT_ have this ability.

PF can flush the states of a client IP that has connected too many times in a given time frame. What I am proposing is an extension to this behavior. One would be able to write a rule looking at the total amount of bandwidth the remote client has used and add them to a table if they exceed this amount in a given time. For example:

  "max-src-bandwidth-amount 2000/60"

This could be the stateful tracking option to limit a client to 2000 kilobytes per 60 seconds. The IP could then be dynamically added to a table, its states flushed, and put into a slower queue with limited bandwidth or blocked completely.

Does anyone else find the ability to limit connections by total bandwidth used over time to be useful? Perhaps this can be an option request in a later version of PF.

(Background)

For those wondering how this can be used in the real world, it would help...

...a wireless public network. Using the wireless network connection of a local cafe, we offer free Internet access to cafe patrons and people in the park across the street. The access rules specify a limit of 500 meg per visit per day. Most people are well under this amount and others abuse the service.

...limiting a child's downloads on the local LAN at a public school. Some ISPs will send out warning letters to their customers who use more than their fair share of bandwidth (>100 gig/month). By limiting a local LAN IP to one gig per day we can make sure to stay under this limit, for example.

...stopping people from abusing an FTP or web server on a metered connection. If you know exactly how much data a normal user is expected to download, then you can set upper limits. If you need to pay for that bandwidth, then there is a financial incentive to stop abusers or broken clients. For example, if we expect an automated bot to get 15 meg per hour from the FTP server and we then see clients connect and download 100 meg per minute, there is a problem and the IPs can be blocked or slowed.

Thanks for your time,

-- 
Calomel @ http://calomel.org
Open Source Research and Reference
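The semantics the post proposes for "max-src-bandwidth-amount 2000/60" (per-source byte total over a sliding window, then table insertion and state flush) can be approximated in user space with existing PF tools. The following is an added example and is not code from the post or from the PF project. It assumes per-host traffic totals arrive as constructed (timestamp, source IP, bytes) records, for instance from a periodic dump of per-host counters; the table name "abusers" and the record format are assumptions. The script only builds the pfctl command strings (`pfctl -t <table> -T add <ip>` and `pfctl -k <ip>` are real pfctl operations); it does not execute them.

```python
"""Sliding-window per-source byte accounting, approximating the proposed
'max-src-bandwidth-amount <kilobytes>/<seconds>' tracking option in user space.

Assumed input (not from the original post): an iterable of records
(unix_timestamp, source_ip, bytes_transferred). Any source whose bytes inside a
window of `window_seconds` exceed `limit_kb` kilobytes is reported, together
with the pfctl commands that would add it to a table and flush its states.
"""
from collections import defaultdict, deque

KB = 1024


def find_abusers(records, limit_kb=2000, window_seconds=60):
    """Return {ip: timestamp} for sources that exceeded limit_kb within any
    window_seconds-long window. Records are sorted by timestamp first so
    out-of-order input is handled."""
    limit_bytes = limit_kb * KB
    window = defaultdict(deque)   # ip -> (ts, bytes) entries still inside the window
    totals = defaultdict(int)     # ip -> byte total of the entries in window[ip]
    exceeded = {}

    for ts, ip, nbytes in sorted(records):
        if ip in exceeded:
            continue              # already flagged; nothing more to account
        q = window[ip]
        q.append((ts, nbytes))
        totals[ip] += nbytes
        # Evict entries that have slid out of the window before comparing.
        while q and ts - q[0][0] >= window_seconds:
            _, old_bytes = q.popleft()
            totals[ip] -= old_bytes
        if totals[ip] > limit_bytes:
            exceeded[ip] = ts
    return exceeded


def pfctl_commands(abusers, table="abusers"):
    """Build (not run) the pfctl commands that put each flagged source into the
    table and kill its existing states. A pf.conf rule can then assign the
    table to a slower queue or block it. The table name is an assumption."""
    cmds = []
    for ip in sorted(abusers):
        cmds.append(f"pfctl -t {table} -T add {ip}")
        cmds.append(f"pfctl -k {ip}")
    return cmds


# Constructed sample records for illustration only.
SAMPLE_RECORDS = [
    # 10.0.0.5: steady 100 KB every 10 s, 600 KB per minute, stays under the limit
    (0, "10.0.0.5", 100 * KB), (10, "10.0.0.5", 100 * KB), (20, "10.0.0.5", 100 * KB),
    (30, "10.0.0.5", 100 * KB), (40, "10.0.0.5", 100 * KB), (50, "10.0.0.5", 100 * KB),
    # 10.0.0.9: three 800 KB bursts within 40 s, crosses 2000 KB at t=40
    (0, "10.0.0.9", 800 * KB), (20, "10.0.0.9", 800 * KB), (40, "10.0.0.9", 800 * KB),
    # 10.0.0.7: 1500 KB at t=0 and again at t=70, each window holds only 1500 KB
    (0, "10.0.0.7", 1500 * KB), (70, "10.0.0.7", 1500 * KB),
]


def main():
    abusers = find_abusers(SAMPLE_RECORDS, limit_kb=2000, window_seconds=60)
    for ip, ts in sorted(abusers.items()):
        print(f"{ip} exceeded 2000 KB/60 s at t={ts}")
    for cmd in pfctl_commands(abusers):
        print(cmd)


if __name__ == "__main__":
    main()
```

With the constructed records only 10.0.0.9 is flagged: the steady 600 KB/min source never reaches the limit, and the source that moves 1500 KB twice more than a minute apart shows that the window evicts old entries before the comparison, so spreading transfers over time is not penalised. A periodic run of this accounting, fed from real counters, is the user-space equivalent of the proposed option until something like it exists in PF.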