best firewall program for single interface firewall

Yah, I guess I was intimidated into thinking everything on FreeBSD was harder than Linux, but it turns out it's just different, and in many cases more logical/easy.

I'm glad I switched.
 
Rather than start a new thread, I am just going to use this one to post my new pf questions.


If my interface has several IPs and I want to make a rule for just a single IP, instead of something like

pass in on $int proto tcp from any to any port 8000 keep state


would it be

pass in on 1.1.1.1

or would it be

pass in on $int:1.1.1.1

Sorry if this is a stupid question... My reason for asking is I have 6 IPs, and I'm running nginx, which is listening on port 80 on all IPs... I want to enable HTTP downloading from my server, but currently users will use some kind of download manager and make 20 connections... So I want to limit the number of connections per IP AND I want to throttle the total bandwidth.

I recompiled my kernel with ALTQ... and I think this should be pretty easy, but since I have different pages on those different IPs all pertaining to the site... I don't want to just set a hard limit on the entire interface... I don't want to block access to the forums just because a user is downloading a file, or block access to the blogs because they are downloading a file.
 
Just leave $int alone and replace the second any (the destination) with the IP address. IMO, those any's are way overused in most firewall rulesets.
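Putting the reply above into a rule set, as an added example that is not part of the thread: the destination "any" becomes the one address that serves downloads, pf's state-tracking options cap connections per client on that address, and an ALTQ queue throttles only that address. The interface name (em0), the addresses, the bandwidth figures, the connection counts and the table name are all assumptions; substitute your own.

```pf
# Added example (not from the thread). Interface, addresses, bandwidths,
# connection counts and the table name are assumptions.
int = "em0"
dl_ip = "1.1.1.1"                  # address that serves the file downloads
site_ips = "{ 1.1.1.2, 1.1.1.3 }"  # forum/blog addresses, left unthrottled

table <dl_abusers> persist

# ALTQ (kernel built with options ALTQ and ALTQ_CBQ): the "dl" queue caps
# traffic leaving via $int for the download address; everything else
# falls into "std", which gets the rest of the link.
altq on $int cbq bandwidth 100Mb queue { std, dl }
queue std bandwidth 98Mb cbq(default)
queue dl  bandwidth 2Mb

# Clients that tripped the limits below are refused until removed
# from the table (pfctl -t dl_abusers -T delete <addr>).
block in quick on $int proto tcp from <dl_abusers> to $dl_ip port 80

# The reply's point: $int stays, the destination "any" becomes one address.
# Each client may hold 4 open connections and open at most 10 new ones
# per 5 seconds; exceeding that adds the client to the table and flushes
# its existing states. ALTQ shapes only outbound packets, but because the
# rule keeps state the download replies inherit the "dl" queue.
pass in on $int proto tcp from any to $dl_ip port 80 \
    flags S/SA keep state \
    (max-src-conn 4, max-src-conn-rate 10/5, overload <dl_abusers> flush) \
    queue dl

# The other addresses keep a plain stateful rule, so forum and blog
# pages are unaffected by someone downloading a file.
pass in on $int proto tcp from any to $site_ips port 80 keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and watch the queues fill with `pfctl -s queue`. Two caveats: max-src-conn counts per source address, so several users behind one NAT address share the same budget; and with six addresses on one interface, a `to any` rule would have matched all of them, which is exactly why the reply says to name the destination.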
 