On Aug 17, 2011, at 3:50 PM, Rudi Ahlers Rudi@SoftDux.com wrote:
Hi,
I'm looking for a firewall (preferably on Linux / UNIX) that could automatically block bandwidth abusers as soon as a connection goes over a certain speed, or limit - i.e. either more than say 3Mb/s or 10GB in a giving period (like weekly / monthly).
But, I need it to block the IP to, or where the traffic comes from, or goes to. i.e. a user logs into a web server and upload a LOT of data, then the firewall should block him, but not other people.
Or, someone uploads a small bit of data but downloads a lot of data and then get's blocked. But I need to set thresholds And I should be able to exclude certain IP's / domains from the limits.
Does this make sense?
Can this be done with iptables? If so, how?
If not, what else could I use for this?
A normal DDOS prevention firewall doesn't really work since it only blocks traffic coming in. But I need to limit traffic going out as well.
The servers behind the firewall will serve mail, http, ftp, sql and SSH
Best approach, throttle, you can cause the throttle to increase as the overage increases until it reaches dial-up speed. With some cleverness you can back the throttle out after a period of idle-ness.
-Ross