Let's try again: I need to automatically block any user who abuses bandwidth, either incoming or outgoing. I should be able to set the limits, in either rate/s or usage/s: 1Mb/s or 10GB/h, for example. Then, any user, connecting from anywhere, on any IP, should be blocked for a specific amount of time, whether he uploads or downloads (i.e. ingress & egress).

My research: The firewalls which we've tried (both normal Linux iptables and hardware-based firewalls) can do this, as long as I can specify the IPs to block; this is standard for an office-type firewall. BUT I don't have a range of IPs to specify, since these particular servers are on the internet, so any possible IP on the net could connect to the server. I also need to exclude certain IPs from this rule (i.e. for backup servers which actually need to transfer a lot of traffic).

To some degree this would mean "traffic accounting", but that just keeps a log of traffic usage. We already measure traffic use with Cacti & SNMP. Cacti can send us an email if a certain amount of bandwidth is used up, but it doesn't tell the firewall to block the offending IP address.

DDoS-protection-type firewalls don't help much either, since they only block incoming "attacks", not really normal uploads. They also don't block outgoing traffic once the condition is met.

--
Kind Regards
Rudi Ahlers
SoftDux
Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532