On Thu, Aug 18, 2011 at 9:09 PM, Always Learning centos@u61.u22.net wrote:
On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
I need to automatically block any user who abuses bandwidth, either incoming or outgoing. I should be able to set the limits, in either rate/s or usage/s: 1Mb/s or 10GB/h, for example.
First question is:
(a) how can you get the IP address ?
I don't fully understand your question? How do you get any IP address from any machine that connects to a server on the internet? netstat shows the IP's, /var/log/http/access.log shows the IP's and I'm sure it's listed in other places as well.
We currently use ntop to monitor the server's usage, but there's no way to automatically block an abusive IP.
(b) how can you introduce a, or use an existing, system to record and store the data amounts (bandwidth) and IP addresses ?
What do you mean?
(c) how long will this information be retained before being discarded ?
How long will what information be retained? And what for? I don't understand the nature of this question?
(d) how can you monitor on every change to the data amount ?
Again, I don't understand what you mean?
(e) will it do both IP4 and IP6 ?
Does it matter? IPV6 is already being used on a wide scale. iptables support both
(f) what mechanism can you use to block the IP address ... IP Tables via simple BASH command ?
if that will do the trick, yes. Any way to block the IP would be fine. iptables would probably be easiest.
Ideally I would like to get a dedicated firewall, or dedicated Linux / UNIX firewall appliance for this purpose as it needs to monitor and protect a whole bunch of servers
Its an interesting requirement.
-- With best regards,
Paul. England, EU.