[CentOS] which firewall to automatically block bandwidth abusers?
Les Mikesell
lesmikesell at gmail.com
Thu Aug 18 19:29:55 UTC 2011
On 8/18/2011 2:15 PM, Rudi Ahlers wrote:
> On Thu, Aug 18, 2011 at 9:09 PM, Always Learning <centos at u61.u22.net> wrote:
>>
>> On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
>>
>>> I need to automatically block any user who abuses bandwidth, either
>>> incoming or outgoing. I should be able to set the limits, in either
>>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>
>> First question is:
>>
>> (a) how can you get the IP address ?
>
> I don't fully understand your question?
> How do you get any IP address from any machine that connects to a
> server on the internet? netstat shows the IPs,

You said 'user' which may or may not map to a consistent, single, IP
address.

> /var/log/http/access.log shows the IPs and I'm sure it's listed in
> other places as well.

Are these web browser clients, locally attached PCs, or what?

> We currently use ntop to monitor the server's usage, but there's no
> way to automatically block an abusive IP.

What's 'abusive'? If they are using a web app, let the app monitor the
connection of a logged in user and handle them appropriately.
>
> Ideally I would like to get a dedicated firewall, or dedicated Linux /
> UNIX firewall appliance for this purpose as it needs to monitor and
> protect a whole bunch of servers

A separate box won't know what is going on. Suppose you have a remote
mail server relaying in or out for a large number of users. The
intermediate box will see a lot of smtp traffic to/from one IP, but it
will correspond to a lot of users. Likewise for web users behind a
company proxy.

--
Les Mikesell
lesmikesell at gmail.com
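
The point made in the message above about IP addresses not mapping to single users, shown as an added example that is not part of the original post: the same access log is totalled per client IP and per authenticated user. The log lines, the addresses, the user names and the 1 GB limit are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache common log format (not real traffic).
# 203.0.113.10 stands in for a company proxy fronting several logged-in users.
SAMPLE_LOG = """\
203.0.113.10 - alice [18/Aug/2011:19:00:01 +0000] "GET /a.iso HTTP/1.1" 200 400000000
203.0.113.10 - bob [18/Aug/2011:19:05:12 +0000] "GET /b.iso HTTP/1.1" 200 400000000
203.0.113.10 - carol [18/Aug/2011:19:09:40 +0000] "GET /c.iso HTTP/1.1" 200 400000000
198.51.100.7 - dave [18/Aug/2011:19:11:03 +0000] "GET /d.iso HTTP/1.1" 200 900000000
198.51.100.7 - dave [18/Aug/2011:19:20:00 +0000] "GET /missing HTTP/1.1" 404 -
"""

# host ident authuser [timestamp] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" \d{3} (?P<bytes>\d+|-)$'
)


def usage_by(key, log_text):
    """Sum response bytes grouped by 'ip' or 'user'; skip unparseable lines."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        size = m.group("bytes")
        # Apache logs "-" when no body was sent; count it as zero bytes.
        totals[m.group(key)] += 0 if size == "-" else int(size)
    return dict(totals)


def over_limit(totals, limit_bytes):
    """Return the keys whose total exceeds the limit, sorted."""
    return sorted(k for k, v in totals.items() if v > limit_bytes)


if __name__ == "__main__":
    limit = 1_000_000_000  # hypothetical limit: 1 GB per log window
    print("flagged by IP:  ", over_limit(usage_by("ip", SAMPLE_LOG), limit))
    print("flagged by user:", over_limit(usage_by("user", SAMPLE_LOG), limit))
```

Blocking on the per-IP total would cut off three users who each stayed under the limit, while the per-user view, which only the application can produce, flags nobody.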