On Thu, Aug 18, 2011 at 9:52 PM, Mike <mike at microdel.org> wrote:
> On Thu, 18 Aug 2011, Rudi Ahlers wrote:
>
>> On Thu, Aug 18, 2011 at 9:38 PM, Mike <mike at microdel.org> wrote:
>>>>
>>>> I have read through that document link on
>>>> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
>>>> rate limiting, but that doesn't actually block the IP if it goes over
>>>> a certain threshold, it just slows everything down.
>>>
>>> So I'm not sure I fully understand your requirements. Why isn't slowing
>>> the user to zero or at least near zero sufficient?
>>
>> How do I slow one user down, without affecting the others?
>> The way I understand rate limiting is that you rate limit a certain
>> protocol / port, or IP / IP range.
>>
>> So, how would I automatically slow down someone (on any IP address,
>> and accessing any protocol) once he hits a certain threshold / limit?
>>
>
> I think I understand now and the short answer is that you can't! In other
> words you're saying that say "Steve" is using a ton of bandwidth so you want
> to block him. But "Fred" and 10 other users that may be at the same IP
> address are fine and you don't want to block them. I mean you could
> conceptually at least block the IP/Source port that "Steve" is "coming from"
> right now. But the source port (and perhaps IP) will eventually change and
> your block is now useless.
>

No, not quite. Steve will have a different IP from Fred.
I don't care so much about the users as such, but rather the IP where
the connection is from, and to. i.e. I don't need to know what the
user's name is, nor match him to a DB like LDAP or something. I purely
need to block an abusive IP. BUT, if Steve changes his IP to
circumvent the block, then his new IP should be blocked as well.

--
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
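The requirement discussed in this thread (block any source IP, on any protocol, once it crosses a usage threshold) comes down to per-source-IP accounting over a time window. The following is an added example, not part of the original thread: the function name, the flow-record layout, the 1,000,000-byte limit and the 60-second window are all assumptions, and the addresses are constructed documentation addresses. It only decides which IPs to block; applying the block in a firewall is left out.

```python
from collections import defaultdict, deque

def find_abusive_ips(flows, limit_bytes, window_s):
    """Return {src_ip: timestamp at which it exceeded limit_bytes within window_s}.

    Accounting is keyed on source IP only, so protocol and port do not matter,
    and every new address gets its own counter from its first packet.
    """
    recent = defaultdict(deque)   # src_ip -> (ts, nbytes) records still in the window
    totals = defaultdict(int)     # src_ip -> bytes currently in the window
    blocked = {}
    for ts, src, _proto, nbytes in sorted(flows):
        if src in blocked:
            continue              # already blocked: its traffic would be dropped
        q = recent[src]
        q.append((ts, nbytes))
        totals[src] += nbytes
        # Age out records that fell out of the sliding window.
        while q and q[0][0] <= ts - window_s:
            totals[src] -= q.popleft()[1]
        if totals[src] > limit_bytes:
            blocked[src] = ts
    return blocked

# Constructed sample flows: (timestamp_s, src_ip, protocol, bytes)
SAMPLE_FLOWS = [
    (0,   "203.0.113.10", "tcp", 400_000),   # "Steve"
    (5,   "203.0.113.20", "tcp", 50_000),    # "Fred"
    (10,  "203.0.113.10", "udp", 400_000),
    (20,  "203.0.113.10", "tcp", 300_000),   # crosses the limit here
    (30,  "203.0.113.10", "tcp", 900_000),   # ignored, already blocked
    (40,  "203.0.113.11", "tcp", 600_000),   # same heavy usage from a new address
    (50,  "203.0.113.11", "udp", 600_000),   # new address crosses the limit too
    (55,  "203.0.113.20", "udp", 50_000),
    (200, "203.0.113.20", "tcp", 990_000),   # older records aged out, stays under
]

if __name__ == "__main__":
    for ip, when in find_abusive_ips(SAMPLE_FLOWS, 1_000_000, 60).items():
        print(f"block {ip} (exceeded limit at t={when}s)")
```
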