On 8/18/2011 2:27 PM, Rudi Ahlers wrote:
>
>>> I need to automatically block any user who abuses bandwidth, either
>>> incoming or outgoing. I should be able to set the limits, in either
>>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>>
>>> Then, any users, connecting from anywhere, on any IP should be blocked
>>> - either if he uploads or downloads (i.e. ingress & outgress) for a
>>> specific amount of time.
>>
>> Those requirements don't mesh very well with the real world. That is,
>> people who use a network that they've been provided or paid for aren't
>> necessarily 'abusing' anything, and blocking access at times when the
>> network isn't fully loaded doesn't help anyone. What's the big picture
>> here? Don't you really need QOS to throttle certain things at peak
>> times only?
>>
>
> Les, it's not really about blocking people who paid.
>
> The servers in question provide a free service and no money is
> generated from it, but the client still pays for bandwidth so we'd
> like to cap heavy users a bit to avoid expensive bills.

Are you paying for bandwidth by total bits transferred or by peak or 95th percentile rate?

> I know the requirements are strange, but I'm really hoping I could
> find something that could do this for us.
> Right now they have someone who monitors ntop and block IP's that way
> around, but it's inefficient and a salary which could have been spent
> elsewhere.

You should be able to automate what you are doing with ntop. Or use a netflow collector to centralize the traffic counting and translate your rules into iptables settings.

--
Les Mikesell
lesmikesell at gmail.com
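One way the "count traffic centrally, then translate the rule into iptables settings" idea could look, as an added example that is not part of the original message. It assumes the collector's export has already been parsed into `(unix_time, src_ip, dst_ip, bytes)` tuples; the subnet, sample flows and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LIMIT_BYTES_PER_HOUR = 10 * 1000**3               # the 10GB/h example from the thread
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: the servers' own subnet
T0 = 1313676000                                   # constructed hour boundary (unix time)

# Constructed flow records: (unix_time, src_ip, dst_ip, bytes)
SAMPLE_FLOWS = [
    (T0 + 10,   "198.51.100.7", "192.0.2.10",   4_000_000_000),  # upload to server
    (T0 + 900,  "192.0.2.10",   "198.51.100.7", 7_000_000_000),  # download, same hour
    (T0 + 100,  "203.0.113.9",  "192.0.2.10",   6_000_000_000),
    (T0 + 3700, "192.0.2.10",   "203.0.113.9",  6_000_000_000),  # falls in the next hour
]

def usage_per_hour(flows, local_net=LOCAL_NET):
    """Sum bytes per (remote IP, hour bucket), counting both directions."""
    totals = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        src_local, dst_local = src_ip in local_net, dst_ip in local_net
        if src_local == dst_local:
            continue  # internal or transit traffic: no single remote user to charge
        remote = dst_ip if src_local else src_ip
        totals[(str(remote), ts // 3600)] += nbytes
    return dict(totals)

def heavy_users(flows, limit=LIMIT_BYTES_PER_HOUR):
    """Remote IPs whose combined in+out traffic exceeded the limit in any hour."""
    usage = usage_per_hour(flows)
    return sorted({ip for (ip, _hour), total in usage.items() if total > limit})

def iptables_rules(ips):
    """Build (not execute) DROP rules for each offender, both directions."""
    rules = []
    for ip in ips:
        addr = ipaddress.ip_address(ip)  # refuse anything that is not a literal IP
        rules.append(f"iptables -I INPUT -s {addr} -j DROP")
        rules.append(f"iptables -I OUTPUT -d {addr} -j DROP")
    return rules

if __name__ == "__main__":
    for rule in iptables_rules(heavy_users(SAMPLE_FLOWS)):
        print(rule)
```

The rules are only printed, so they can be reviewed or fed to a scheduler that also removes them once the block period has passed.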