#
#  Make sure to do: fetch http://www.kruijff.org/user1/files/FreeBSD/ipa.user
#

ac_mod "ipa_ipfw.so";
db_mod "ipa_db_sdb.so";

global {
  update_time = 10s;
  ac_list = ipfw;
  db_list = sdb;

  ipfw:maxchunk = 1G;
}

${rulex} = "00";

startup {
  exec = "/sbin/sysctl net.inet.ip.fw.one_pass=0";
  exec = "/sbin/ipfw delete 2900";
  exec = "/sbin/ipfw add ${rulex}1 count	ip from me to any";
}

shutdown {
  exec = "/sbin/ipfw add 2900 skipto 59000	ip from me to any";
  exec = "/sbin/ipfw add 2900 reject		ip from any to any out";
  exec = "/sbin/ipfw add 2900 deny		ip from any to any in";
}

rule overview {
  ipfw:rules = 110 120;
  info = "Traffic ${rule}";
}

rule overview-downstream {
  info = "Traffic ${rule}";
  ipfw:rules = 110;
}

rule overview-upstream {
  info = "Traffic ${rule}";
  ipfw:rules = 120;
}

rule local {
  info = "Traffic ${rule}";
  ipfw:rules = 59499 59999;
}

rule local-downstream {
  info = "Traffic ${rule}";
  ipfw:rules = 59499;
}

rule local-upstream {
  info = "Traffic ${rule}";
  ipfw:rules = 59999;
}

${hardLimit}		= "10G";
${softRuleUp}		= "51300";
${hardRuleUp}		= "51400";

${softLimit}		= "500M";
${softRuleDown}		= "51800";
${hardRuleDown}		= "51900";

rule user1 {
  info = "Traffic ${rule}";
  ipfw:rules = 51499 51999;
}

rule user1-downstream {
  info = "Traffic ${rule}";
  ipfw:rules = 51499;
  include "/usr/local/etc/ipa.user";
}

rule user1-upstream {
  info = "Traffic ${rule}";
  ipfw:rules = 51999;
}

${hardLimit}		= "10G";
${softRuleUp}		= "52300";
${hardRuleUp}		= "52400";

${softLimit}		= "500M";
${softRuleDown}		= "52800";
${hardRuleDown}		= "52900";

rule user2 {
  info = "Traffic ${rule}";
  ipfw:rules = 52499 52999;
}

rule user2-downstream {
  info = "Traffic ${rule}";
  ipfw:rules = 52499;
  include "/usr/local/etc/ipa.user";
}

rule user2-upstream {
  info = "Traffic ${rule}";
  ipfw:rules = 52999;
}

${hardLimit}		= "10G";
${softRuleUp}		= "53300";
${hardRuleUp}		= "53400";

${softLimit}		= "500M";
${softRuleDown}		= "53800";
${hardRuleDown}		= "53900";

rule user3 {
  info = "Traffic ${rule}";
  ipfw:rules = 53499 53999;
}

rule user3-downstream {
  info = "Traffic ${rule}";
  ipfw:rules = 53499;
  include "/usr/local/etc/ipa.user";
}

rule user3-upstream {
  info = "Traffic ${rule}";
  ipfw:rules = 53999;
}