I'm trying to deploy an application with limited monthly traffic. Can you please tell me how I can do this? I need to limit traffic on an interface under Linux.
More information on what you are trying to do would be good. Are you trying to rate limit and/or disconnect once an amount of bandwidth has been reached? Are you worried about incoming or outgoing bandwidth? What order of magnitude is your connection and what is the usage demographic? – davidgo Mar 18 '14 at 00:02
I need to create a tun interface with a rate limit; once the interface reaches 10G in a month I deactivate it and reset the rules next month. – Ali Mezgani Mar 18 '14 at 00:12
1 Answer
You can take a look at the quota extension of iptables:
http://ipset.netfilter.org/iptables-extensions.man.html#lbBR
The idea could be to mark packets based on their destination IP/port, using the quota matching module and the MARK target.
Then this mark can be used to drop traffic or, even better, redirect it to another service warning the user about the quota reached.
As an example, imagine a telnet service like this:
# Mark telnet traffic to and from 1.2.3.4 once the quota (in bytes) is used up
iptables -t mangle -I PREROUTING -p tcp --dport 23 -d 1.2.3.4 -m quota ! --quota 1000000 -j MARK --set-mark 0xa
iptables -t mangle -I PREROUTING -p tcp --sport 23 -s 1.2.3.4 -m quota ! --quota 1000000 -j MARK --set-mark 0xa
# Redirect marked traffic to the over-quota notice service
iptables -t nat -I PREROUTING -p tcp -m mark --mark 0xa -j REDIRECT --to-ports 2323
In this case the user would be redirected to a dummy telnet service on port 2323 stating that the service is over quota.
Another approach could be

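One way to apply the quota match from the answer to the 10G-per-month tun interface described in the question, as an added example that is not the answerer's code. The interface name `tun0`, the chain name `QUOTA_TUN0` and the cron path are assumptions.

```shell
#!/bin/sh
# Added example, not the answerer's code. Assumed names: tun0, QUOTA_TUN0.
# Prints the iptables commands by default; run with "apply" as root to execute.
# Monthly reset (hypothetical path): 0 0 1 * * /usr/local/sbin/tun-quota.sh apply

IFACE="${IFACE:-tun0}"                     # assumed tunnel interface
QUOTA_BYTES="${QUOTA_BYTES:-10000000000}"  # 10G, as in the question
CHAIN="${CHAIN:-QUOTA_TUN0}"               # hypothetical chain name

# Emit the commands that (re)build the quota chain for one interface.
# Re-adding the quota rule starts a fresh counter, which is the monthly reset.
quota_rules() {
    iface=$1 bytes=$2 chain=$3
    # The output is fed to a shell, so accept only a plain byte count
    # and simple interface/chain names.
    case $bytes in ''|*[!0-9]*) echo "bad quota: $bytes" >&2; return 1 ;; esac
    for name in "$iface" "$chain"; do
        case $name in ''|*[!A-Za-z0-9_.-]*) echo "bad name: $name" >&2; return 1 ;; esac
    done

    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    # Under quota: hand the packet back to the calling chain.
    echo "iptables -A $chain -m quota --quota $bytes -j RETURN"
    # Quota exhausted: the rule above no longer matches, so drop.
    echo "iptables -A $chain -j DROP"
    # Hook local and forwarded traffic once; -C tests whether the jump exists.
    for hook in "INPUT -i" "FORWARD -i" "FORWARD -o" "OUTPUT -o"; do
        echo "iptables -C $hook $iface -j $chain 2>/dev/null || iptables -I $hook $iface -j $chain"
    done
}

if [ "${1:-}" = "apply" ]; then
    rules=$(quota_rules "$IFACE" "$QUOTA_BYTES" "$CHAIN") || exit 1
    printf '%s\n' "$rules" | sh -e
else
    quota_rules "$IFACE" "$QUOTA_BYTES" "$CHAIN"
fi
```

The remaining quota is kept only in the loaded rule, so a reboot or a rule reload also starts a fresh counter. Both directions share one quota rule here, so inbound and outbound bytes count against the same 10G.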