[CentOS] which firewall to automatically block bandwidth abusers?

Thu Aug 18 10:14:48 UTC 2011
Rudi Ahlers <Rudi at SoftDux.com>

On Thu, Aug 18, 2011 at 4:13 AM, Craig White <craigwhite at azapple.com> wrote:
> On Wed, 2011-08-17 at 21:50 +0200, Rudi Ahlers wrote:
>> Hi,
>>
>> I'm looking for a firewall (preferably on Linux / UNIX) that could
>> automatically block bandwidth abusers as soon as a connection goes
>> over a certain speed, or limit - i.e. either more than say 3Mb/s or
>> 10GB in a given period (like weekly / monthly).
>>
>> But, I need it to block the IP too, or where the traffic comes from, or
>> goes to. i.e. a user logs into a web server and uploads a LOT of data,
>> then the firewall should block him, but not other people.
>>
>> Or, someone uploads a small bit of data but downloads a lot of data
>> and then gets blocked.
>> But I need to set thresholds
>> And I should be able to exclude certain IP's / domains from the limits.
>>
>> Does this make sense?
>>
>> Can this be done with iptables? If so, how?
>>
>> If not, what else could I use for this?
>>
>>
>> A normal DDOS prevention firewall doesn't really work since it only
>> blocks traffic coming in. But I need to limit traffic going out as
>> well.
>>
>> The servers behind the firewall will serve mail, http, ftp, sql and SSH
> ----
> http://tinyurl.com/3n5yn8u
>
> Craig


We already monitor traffic usage on the switches with cacti via SNMP.


But, I need to block traffic abusers automatically, from any IP
address, to any IP address.

The firewalls we have, and have tested, all need a set of IP addresses
to throttle, which won't work in this case.
A user can log in from any IP address on the internet, and either
upload or download excessively, and we need to block that IP address as
soon as it reaches a certain (pre-set by us) threshold


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
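An added example (not from this thread) of the per-IP quota check Rudi describes, in POSIX sh: it assumes per-IP byte counters are collected elsewhere (an iptables accounting chain or nfacct), uses constructed sample counters, and only prints the ipset/iptables commands that would block offenders; the allowlist covers the IPs he wants excluded from the limits.

```sh
#!/bin/sh
# Added example, not from the thread: decide which source/destination
# addresses have crossed a per-period byte quota and emit the ipset/iptables
# commands that would block them. The counters below are constructed sample
# data; on a real box they would come from a periodic dump of a per-IP
# accounting chain and the echoed commands would be executed, not printed.

QUOTA_BYTES=10737418240               # 10 GiB per accounting period
ALLOWLIST="192.0.2.10 203.0.113.5"    # never blocked, whatever they transfer

# Constructed counters, one "<ip> <bytes_in> <bytes_out>" per line.
COUNTERS='192.0.2.10 500000000 12000000000
198.51.100.7 9000000000 2000000000
198.51.100.8 100000000 100000000
203.0.113.9 50000000 15000000000'

# Return 0 if $1 is on the allowlist.
is_allowed() {
  for a in $ALLOWLIST; do
    [ "$a" = "$1" ] && return 0
  done
  return 1
}

# Print the IPs whose combined in+out bytes reached the quota, skipping the
# allowlist. Summing both directions covers the "uploads a lot" and the
# "downloads a lot" cases from the question.
over_quota() {
  printf '%s\n' "$COUNTERS" | while read -r ip rx tx; do
    [ -z "$ip" ] && continue
    total=$((rx + tx))
    if [ "$total" -ge "$QUOTA_BYTES" ] && ! is_allowed "$ip"; then
      echo "$ip"
    fi
  done
}

# Dry run: print the commands that would put offenders in an ipset and drop
# their traffic in both directions with two rules instead of one rule per IP.
block_commands() {
  echo "ipset create abusers hash:ip -exist"
  for ip in $(over_quota); do
    echo "ipset add abusers $ip -exist"
  done
  echo "iptables -I FORWARD -m set --match-set abusers src -j DROP"
  echo "iptables -I FORWARD -m set --match-set abusers dst -j DROP"
}

block_commands
```

The per-connection speed limit in the original question is a different mechanism: iptables' hashlimit match can rate-limit per source or destination address, but a volume quota over a week or month needs counters plus a periodic check like this one.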