[CentOS] which firewall to automatically block bandwidth abusers?

Thu Aug 18 19:15:40 UTC 2011
Rudi Ahlers <Rudi at SoftDux.com>

On Thu, Aug 18, 2011 at 9:09 PM, Always Learning <centos at u61.u22.net> wrote:
>
> On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
>
>> I need to automatically block any user who abuses bandwidth, either
>> incoming or outgoing. I should be able to set the limits, in either
>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>
> First question is:
>
> (a) how can you get the IP address ?

I don't fully understand your question?
How do you get any IP address from any machine that connects to a
server on the internet? netstat shows the IPs,
/var/log/http/access.log shows the IPs and I'm sure it's listed in
other places as well.

We currently use ntop to monitor the server's usage, but there's no
way to automatically block an abusive IP.


>
> (b) how can you introduce a, or use an existing, system to record and
> store the data amounts (bandwidth) and IP addresses ?

What do you mean?


>
> (c) how long will this information be retained before being discarded ?

How long will what information be retained? And what for? I don't
understand the nature of this question?

>
> (d) how can you monitor on every change to the data amount ?

Again, I don't understand what you mean?


>
> (e) will it do both IP4 and IP6 ?

Does it matter? IPv6 is already being used on a wide scale. iptables
supports both.

>
> (f) what mechanism can you use to block the IP address ... IP Tables via
> simple BASH command ?

If that will do the trick, yes. Any way to block the IP would be fine.
iptables would probably be easiest.


Ideally I would like to get a dedicated firewall, or dedicated Linux /
UNIX firewall appliance for this purpose as it needs to monitor and
protect a whole bunch of servers.

>
>
> It's an interesting requirement.
>
>
>
>
> --
> With best regards,
>
> Paul.
> England,
> EU.
>







-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
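
Added example, not part of the original message or of any tool named in the thread: one way to turn the requirement above (a usage limit such as 10GB/h, IPs taken from the web access log, blocking via iptables for both IPv4 and IPv6) into a check. It assumes Apache common/combined log format, counts only HTTP response bytes, and returns the block commands as strings for review instead of running them; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# host ident user [time] "request" status bytes (Apache common/combined format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (\d+|-)')
LIMIT = 10 * 10**9  # 10 GB per hour, the example limit from the thread

# Constructed sample log lines using documentation addresses, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [18/Aug/2011:19:00:00 +0000] "GET /a.iso HTTP/1.1" 200 6000000000',
    '192.0.2.10 - - [18/Aug/2011:19:30:00 +0000] "GET /b.iso HTTP/1.1" 200 6000000000',
    '198.51.100.7 - - [18/Aug/2011:18:00:00 +0000] "GET /a.iso HTTP/1.1" 200 6000000000',
    '198.51.100.7 - - [18/Aug/2011:19:30:00 +0000] "GET /b.iso HTTP/1.1" 200 6000000000',
    '2001:db8::5 - - [18/Aug/2011:19:10:00 +0000] "GET /c.iso HTTP/1.1" 200 11000000000',
    'not a log line',
]

def parse(line):
    """Return (ip, timestamp, bytes_sent), or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))  # rejects hostnames and junk
    except ValueError:
        return None
    when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, 0 if m.group(3) == "-" else int(m.group(3))

def abusers(lines, limit_bytes, window=timedelta(hours=1)):
    """Map each IP whose bytes in any sliding window exceed the limit to its peak."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec[0]].append((rec[1], rec[2]))
    over = {}
    for ip, recs in events.items():
        recs.sort()
        start = total = peak = 0
        for when, sent in recs:
            total += sent
            while when - recs[start][0] >= window:  # drop records older than the window
                total -= recs[start][1]
                start += 1
            peak = max(peak, total)
        if peak > limit_bytes:
            over[ip] = peak
    return over

def block_commands(over):
    """Build one DROP rule per offending address, picking the tool by IP version."""
    return [f"{'ip6tables' if ip.version == 6 else 'iptables'} -I INPUT -s {ip} -j DROP"
            for ip in sorted(over, key=str)]
```

On the sample, 198.51.100.7 transfers the same total as 192.0.2.10 but spread over 90 minutes, so only the latter and the IPv6 client exceed the hourly limit.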