On Thu, Aug 18, 2011 at 4:13 AM, Craig White craigwhite@azapple.com wrote:
On Wed, 2011-08-17 at 21:50 +0200, Rudi Ahlers wrote:
Hi,
I'm looking for a firewall (preferably on Linux / UNIX) that could automatically block bandwidth abusers as soon as a connection goes over a certain speed, or limit - i.e. either more than say 3Mb/s or 10GB in a giving period (like weekly / monthly).
But, I need it to block the IP too, or where the traffic comes from, or goes to. i.e. a user logs into a web server and uploads a LOT of data, then the firewall should block him, but not other people.
Or, someone uploads a small bit of data but downloads a lot of data and then gets blocked. But I need to set thresholds, and I should be able to exclude certain IPs / domains from the limits.
Does this make sense?
Can this be done with iptables? If so, how?
If not, what else could I use for this?
A normal DDOS prevention firewall doesn't really work since it only blocks traffic coming in. But I need to limit traffic going out as well.
The servers behind the firewall will serve mail, http, ftp, sql and SSH.
Craig
We already monitor traffic usage on the switches with cacti via SNMP.
But, I need to block traffic abusers automatically, from any IP address, to any IP address.
The firewalls we have, and have tested, all need a set of IP addresses to throttle, which won't work in this case. A user can log in from any IP address on the internet, and either upload or download excessively, and we need to block that IP address as soon as it reaches a certain (pre-set by us) threshold.