Re: [CentOS] which firewall to automatically block bandwidth abusers?

On 08/18/11 4:05 PM, Rudi Ahlers wrote:

The point it, it doesn't matter who the user is. As soon as an IP, any IP exceeds the limit, it should get blocked.

you might take a look at the various fail2ban scripts that are commonly used to block an IP for some period of time after a threshold number of SSH or appache login attempts are made, and you can probably figure out how to implement that same sort of concept to run off whatever per-source-IP traffic statistics you're keeping... of course, if your web and mail and whatever servers are accessed by 100s or 1000s of unique hosts a day, those traffic statistics are going to be quite a lot of overhead to track.