altq for vlans?
Jeremie Le Hen
jeremie at le-hen.org
Mon Feb 14 01:44:25 PST 2005
> Anyways, the _real_ problem is that traditionally, I'd used firewall
> rules for accounting as well as security. To that end, labels are
> very cool. However, they have one rather large defect:
>
> If you're dealing with keep state rules, there seems to be no obvious
> way to account for incoming vs. outgoing traffic. The label only
> reports total traffic for the state matching the rule... which is both
> in and out.
This is a workaround, but I found that ipfw's count rules are pretty
useful for this purpose. This would however add processing overhead
for each packet especially using gigabit Ethernet.
Regards,
--
Jeremie Le Hen
jeremie at le-hen dot org
More information about the freebsd-net
mailing list