[CentOS] which firewall to automatically block bandwidth abusers?

Mike mike at microdel.org
Thu Aug 18 19:52:31 UTC 2011


On Thu, 18 Aug 2011, Rudi Ahlers wrote:

> On Thu, Aug 18, 2011 at 9:38 PM, Mike <mike at microdel.org> wrote:
>>>
>>> I have read through that document link on
>>> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
>>> rate limiting, but that doesn't actually block the IP if it goes over
>>> a certain threshold, it just slows everything down.
>>
>> So I'm not sure I fully understand your requirements.  Why isn't slowing
>> the user to zero or at least near zero sufficient?
>
> How do I slow one user down, without affecting the others?
> The way I understand rate limiting is that you rate limit a certain
> protocol / port, or IP / IP range.
>
> So, how would I automatically slow down someone (on any IP address,
> and accessing any protocol) once he hits a certain threshold / limit?
>

I think I understand now and the short answer is that you can't!  In other 
words you're saying that say "Steve" is using a ton of bandwidth so you 
want to block him.  But "Fred" and 10 other users that may be at the same 
IP address are fine and you don't want to block them.  I mean you could 
conceptually at least block the IP/Source port that "Steve" is "coming 
from" right now.  But the source port (and perhaps IP) will eventually 
change and your block is now useless.
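
Added example, not part of the original message: a small simulation of the point made above, run over constructed flow records. The user names in the records, the addresses, the ports and the byte threshold are all assumptions for illustration; a real firewall only ever sees the address and port.

```python
from collections import defaultdict

# Constructed flow records: (user, src_ip, src_port, bytes). The "user" field
# is ground truth for the demo only; a firewall never sees it.
FLOWS = [
    ("steve", "203.0.113.7", 40001, 900_000_000),
    ("fred", "203.0.113.7", 40002, 20_000_000),
    ("anna", "203.0.113.7", 40003, 15_000_000),
    ("carol", "198.51.100.9", 51000, 30_000_000),
    # Steve reconnects: same shared address, new ephemeral source port.
    ("steve", "203.0.113.7", 40117, 850_000_000),
]
THRESHOLD = 500_000_000  # hypothetical per-key byte budget


def by_ip(flow):
    return flow[1]


def by_ip_port(flow):
    return (flow[1], flow[2])


def over_budget(flows, key):
    """Sum bytes per key and return the keys whose total exceeds THRESHOLD."""
    totals = defaultdict(int)
    for flow in flows:
        totals[key(flow)] += flow[3]
    return {k for k, total in totals.items() if total > THRESHOLD}


def affected_users(flows, blocked, key):
    """Users who have at least one flow matching a blocked key."""
    return {flow[0] for flow in flows if key(flow) in blocked}


def demo():
    # Blocking on source IP alone also cuts off everyone sharing that address.
    ip_blocks = over_budget(FLOWS, by_ip)
    collateral = affected_users(FLOWS, ip_blocks, by_ip) - {"steve"}
    # Blocking on (IP, source port) is decided from the first four flows only;
    # the flow that arrives after the reconnect no longer matches the block.
    seen, later = FLOWS[:4], FLOWS[4:]
    port_blocks = over_budget(seen, by_ip_port)
    escaped = [f for f in later if by_ip_port(f) not in port_blocks]
    return ip_blocks, collateral, port_blocks, escaped


if __name__ == "__main__":
    print(demo())
```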

