On Aug 17, 2011, at 3:50 PM, Rudi Ahlers <Rudi at SoftDux.com> wrote: > Hi, > > I'm looking for a firewall (preferably on Linux / UNIX) that could > automatically block bandwidth abusers as soon as a connection goes > over a certain speed, or limit - i.e. either more than say 3Mb/s or > 10GB in a giving period (like weekly / monthly). > > But, I need it to block the IP to, or where the traffic comes from, or > goes to. i.e. a user logs into a web server and upload a LOT of data, > then the firewall should block him, but not other people. > > Or, someone uploads a small bit of data but downloads a lot of data > and then get's blocked. > But I need to set thresholds > And I should be able to exclude certain IP's / domains from the limits. > > Does this make sense? > > Can this be done with iptables? If so, how? > > If not, what else could I use for this? > > > A normal DDOS prevention firewall doesn't really work since it only > blocks traffic coming in. But I need to limit traffic going out as > well. > > The servers behind the firewall will serve mail, http, ftp, sql and SSH Best approach, throttle, you can cause the throttle to increase as the overage increases until it reaches dial-up speed. With some cleverness you can back the throttle out after a period of idle-ness. -Ross