On Thu, Aug 18, 2011 at 9:29 PM, Les Mikesell <lesmikesell at gmail.com> wrote: > On 8/18/2011 2:15 PM, Rudi Ahlers wrote: >> On Thu, Aug 18, 2011 at 9:09 PM, Always Learning<centos at u61.u22.net> wrote: >>> >>> On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote: >>> >>>> I need to automatically block any user who abuses bandwidth, either >>>> incoming or outgoing. I should be able to set the limits, in either >>>> rate/s or usage/s: 1Mb/s or 10GB/h, for example. >>> >>> First question is: >>> >>> (a) how can you get the IP address ? >> >> I don't fully understand your question? >> How do you get any IP address from any machine that connects to a >> server on the internet? netstat shows the IP's, > > You said 'user' which may or may not map to a consistent, single, IP > address. well, a 'user' is anyone accessing the server from the internet, so the IP's will change the whole time. > >> /var/log/http/access.log shows the IP's and I'm sure it's listed in >> other places as well. > > Are these web browser clients, locally attached PCs, or what? web / SQL / SMTP / POP3 clients, connecting from the internet. > >> We currently use ntop to monitor the server's usage, but there's no >> way to automatically block an abusive IP. > > What's 'abusive'? If they are using a web app, let the app monitor the > connection of a logged in user and handle them appropriately. yes, but no monitor can block their IP, that I'm aware of. > >> >> Ideally I would like to get a dedicated firewall, or dedicated Linux / >> UNIX firewall appliance for this purpose as it needs to monitor and >> protect a whole bunch of servers > > A separate box won't know what is going on. Suppose you have a remote > mail server relaying in or out for a large number of users. The > intermediate box will see a lot of smtp traffic to/from one IP, but it > will correspond to a lot of users. Likewise for web users behind a > company proxy. For this very reason I need to exclude certain IP's from the limits. > > -- > Les Mikesell > lesmikesell at gmail.com > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532