Attack blocker is great. It is working very well for us for protecting us from our internal users from overloading the network (for things like Bitorrent) and also for External attacks.

Today, Attack Blocker has an exception list. This is great because we can set a particular Internal computer/server as equivalent to 5, 25, 50, 100, or Unlimited users. This allows us to tweak the Attack blocker for busy machines.

What I would like to see added is another tab that does the exact opposite (or you could even use the same tab). I would like to be able to set a machine to 1/100th, 1/50th, 1/25th, or 1/5th users. This would allow us to create a penalty box per-say for Internal (or even external) machines or subnets.

I can see many uses for this. For example, lets say you see a rouge computer in the firewall logs. You don't want to shutdown this user because you want to log what they are doing. At the same time, it would be great to "slow" them down.

Another example would be for external. It would be great to slow down google's crawlers from pegging my webservers. I could just take their crawler IP subnet and make it equivalent to 1/5th users. A perfect case of where I don't want to block them, but I do want to reduce their impact.

Please vote for it: http://bugzilla.untangle.com/show_bug.cgi?id=5764