* Re: quota and time patch.
2002-09-27 2:30 quota and time patch SB CH
@ 2002-09-27 3:27 ` Fabrice MARIE
2002-09-27 4:29 ` Alexey Talikov
1 sibling, 0 replies; 4+ messages in thread
From: Fabrice MARIE @ 2002-09-27 3:27 UTC
To: SB CH, netfilter
Hello,
On Friday 27 September 2002 10:30, SB CH wrote:
> Hello all.
> I would like to limit the traffic usage per user
> using iptables extension function, quota and time.
> for example, I would like to set like this.
> one can use 10M http traffic per hour per one IP address at business
> time(09h~18h).
> Is it possible to set using iptables?
> thanks in advance.
The problem with the current iptables framework is that you cannot
"auto-remove" rules dynamically. For example, the quota match will
increase the used-up quota, until the limit is reached, after which
the rule will stop matching. However the quota rule will not go away
by itself, and cannot be made so. So as things are right now, no, you
cannot do what you want.
It would be easy enough however to modify the source of the quota match to implement
quota per hour with a quota that would reset once the new time slice starts.
Have a nice day,
Fabrice.
--
Fabrice MARIE
Senior R&D Engineer
Celestix Networks
http://www.celestix.com/
"Silly hacker, root is for administrators"
-Unknown
* Re: quota and time patch.
From: Alexey Talikov @ 2002-09-27 4:29 UTC
To: SB CH; +Cc: netfilter
Hello SB,
It is only an example, don't use it in a real setup !!!!!!!
Add your additional rules for filtering !!!!!!!!!!!!!
Create a chain for every user (for optimal setup)
iptables -N user1
iptables -N user2
.........
# For user1
iptables -A user1 -m time --timestart 08:00 --timestop 09:00 --days \
Mon,Tue,Wed,Thu,Fri -m quota --quota 10485760 -j ACCEPT
iptables -A user1 -m time --timestart 09:00 --timestop 10:00 --days \
Mon,Tue,Wed,Thu,Fri -m quota --quota 10485760 -j ACCEPT
.........
iptables -A user1 -m time --timestart 16:00 --timestop 17:00 --days \
Mon,Tue,Wed,Thu,Fri -m quota --quota 10485760 -j ACCEPT
# For user2
iptables -A user2 -m time --timestart 08:00 --timestop 09:00 --days \
Mon,Tue,Wed,Thu,Fri -m quota --quota 10485760 -j ACCEPT
iptables -A user2 -m time --timestart 09:00 --timestop 10:00 --days \
Mon,Tue,Wed,Thu,Fri -m quota --quota 10485760 -j ACCEPT
.........
iptables -A user2 -m time --timestart 16:00 --timestop 17:00 --days \
Mon,Tue,Wed,Thu,Fri -m quota --quota 10485760 -j ACCEPT
.........
Send packets from each user to his chain
# FORWARD
# For download limit
iptables -A FORWARD -i $IF1 -d $USER1_IP -j user1
iptables -A FORWARD -i $IF1 -d $USER2_IP -j user2
.........
# For upload limit
iptables -A FORWARD -i $IF1 -s $USER1_IP -j user1
iptables -A FORWARD -i $IF1 -s $USER2_IP -j user2
.........
# You can limit only upload or only download F.E. if you wish.
# Sorry for my poor English :((
-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------
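The per-hour rules elided with "........." above can be generated with a loop. This is an added example, not part of either message: it prints the commands for review instead of running them. It reuses the time and quota flags exactly as written above and covers the 09h~18h window from the original question. The closing time-limited DROP, the interface eth0 and the address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands, does not execute them.
# Flags (-m time --timestart/--timestop/--days, -m quota --quota) are the
# ones used in the message above.

DAYS="Mon,Tue,Wed,Thu,Fri"

# gen_user_chain CHAIN START_HOUR END_HOUR QUOTA_BYTES
# Hours are plain integers (9, not 09). One time+quota rule is emitted per
# one-hour slot. Each rule has its own counter, so every slot starts with a
# full quota even though a quota counter never resets by itself.
gen_user_chain() {
    chain=$1; start=$2; end=$3; quota=$4
    h=$start
    echo "iptables -N $chain"
    while [ "$h" -lt "$end" ]; do
        printf 'iptables -A %s -m time --timestart %02d:00 --timestop %02d:00 --days %s -m quota --quota %s -j ACCEPT\n' \
            "$chain" "$h" "$((h + 1))" "$DAYS" "$quota"
        h=$((h + 1))
    done
    # Assumption (not in the original message): once a slot's quota is used
    # up its rule stops matching and the packet would return to FORWARD.
    # This DROP is limited to the same window, so traffic outside business
    # hours still returns to FORWARD untouched.
    printf 'iptables -A %s -m time --timestart %02d:00 --timestop %02d:00 --days %s -j DROP\n' \
        "$chain" "$start" "$end" "$DAYS"
}

# gen_download_jump IFACE USER_IP CHAIN
# Same form as the "download limit" FORWARD rule in the message above.
gen_download_jump() {
    echo "iptables -A FORWARD -i $1 -d $2 -j $3"
}

# Constructed sample values: user1, eth0, 192.0.2.10, 10 MiB per hour.
gen_user_chain user1 9 18 10485760
gen_download_jump eth0 192.0.2.10 user1
```

Pipe the output to `sh` only after reading it. Quota counters live in the loaded rules, so reloading the ruleset starts every slot again with a full quota.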