[CentOS] which firewall to automatically block bandwidth abusers?

Rudi Ahlers Rudi at SoftDux.com
Thu Aug 18 19:34:38 UTC 2011


On Thu, Aug 18, 2011 at 9:29 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> On 8/18/2011 2:15 PM, Rudi Ahlers wrote:
>> On Thu, Aug 18, 2011 at 9:09 PM, Always Learning <centos at u61.u22.net> wrote:
>>>
>>> On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
>>>
>>>> I need to automatically block any user who abuses bandwidth, either
>>>> incoming or outgoing. I should be able to set the limits, in either
>>>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>>
>>> First question is:
>>>
>>> (a) how can you get the IP address ?
>>
>> I don't fully understand your question?
>> How do you get any IP address from any machine that connects to a
>> server on the internet? netstat shows the IPs,
>
> You said 'user' which may or may not map to a consistent, single, IP
> address.

Well, a 'user' is anyone accessing the server from the internet, so
the IPs will change the whole time.

>
>> /var/log/http/access.log shows the IPs and I'm sure it's listed in
>> other places as well.
>
> Are these web browser clients, locally attached PCs, or what?


Web / SQL / SMTP / POP3 clients, connecting from the internet.

>
>> We currently use ntop to monitor the server's usage, but there's no
>> way to automatically block an abusive IP.
>
> What's 'abusive'?  If they are using a web app, let the app monitor the
> connection of a logged in user and handle them appropriately.

Yes, but no monitor can block their IP, that I'm aware of.

>
>>
>> Ideally I would like to get a dedicated firewall, or dedicated Linux /
>> UNIX firewall appliance for this purpose as it needs to monitor and
>> protect a whole bunch of servers
>
> A separate box won't know what is going on.  Suppose you have a remote
> mail server relaying in or out for a large number of users.  The
> intermediate box will see a lot of smtp traffic to/from one IP, but it
> will correspond to a lot of users.  Likewise for web users behind a
> company proxy.

For this very reason I need to exclude certain IPs from the limits.


>
> --
>   Les Mikesell
>    lesmikesell at gmail.com



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
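
Added example, not part of the original message or of any tool named in the thread: a sketch of the usage/h limit with excluded IPs discussed above, computed from web access-log lines. It only sees HTTP response bytes (not SQL/SMTP/POP3 traffic), and the result is a list of candidates for a block rule, not the block itself. The function name, the sample log lines and the exempt network are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache common log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [18/Aug/2011:19:00:05 +0000] "GET /a.iso HTTP/1.1" 200 7000000000
198.51.100.7 - - [18/Aug/2011:19:20:41 +0000] "GET /b.iso HTTP/1.1" 200 6000000000
203.0.113.9 - - [18/Aug/2011:19:21:00 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [18/Aug/2011:19:30:00 +0000] "GET /c.iso HTTP/1.1" 200 20000000000
198.51.100.7 - - [18/Aug/2011:20:01:00 +0000] "GET /a.iso HTTP/1.1" 200 7000000000
not a log line
"""

# client IP, timestamp, and response size ("-" means no body was sent)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (\d+|-)')


def over_limit(log_text, bytes_per_hour, exempt_networks=()):
    """Return {(ip, hour): bytes} for non-exempt clients above the hourly cap."""
    exempt = [ipaddress.ip_network(n) for n in exempt_networks]
    usage = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: ignore rather than guess
        ip_text, stamp, size = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # hostname instead of IP, or unparsable timestamp
        if any(ip in net for net in exempt):
            continue  # known proxy / mail relay: many users behind one IP
        hour = when.strftime("%Y-%m-%d %H:00")
        usage[(str(ip), hour)] += 0 if size == "-" else int(size)
    return {k: v for k, v in usage.items() if v > bytes_per_hour}


if __name__ == "__main__":
    # 10 GB/h cap; 192.0.2.0/24 stands in for an excluded proxy range.
    for (ip, hour), used in over_limit(SAMPLE_LOG, 10 * 10**9, ["192.0.2.0/24"]).items():
        print(f"{ip} used {used} bytes in hour starting {hour}")
```
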


