From: Andy Furniss
Date: Wed, 04 May 2005 14:23:57 +0000
Subject: Re: AW: AW: [LARTC] urgent question about tcng!
Message-Id: <4278DAFD.8020808@dsl.pipex.com>
To: lartc@vger.kernel.org

Thomas Mandl wrote:
> Sorry for the stupid question, but how would I rate limit connections using
> iptables?
>

I was thinking of the patch-o-matic-ng patches connlimit and connrate,
though I've never used either and they may or may not be expensive for
many connections compared to perflow.

Connrate lets you mark packets if they are above limits - you could then
drop those later in a filter table or with a TC filter/queue.

> regards
> Thomas
> -----Original Message-----
> From: Andy Furniss [mailto:andy.furniss@dsl.pipex.com]
> Sent: Tuesday, 03 May 2005 16:43
> To: Andy Furniss
> Cc: mandl.t@ikarus.at; 'LARTC'
> Subject: Re: AW: [LARTC] urgent question about tcng!
>
> Andy Furniss wrote:
>
>
>>I don't know tcng, but the reason I suggested perflow is that you want
>>each flow to have a ceil - unless you make a class and rule to match
>>each flow I can't see how you can do this. Also iptables could limit
>>the number of connections - tc can't, perflow can.
>
>
> Forgot to say you can also use iptables to limit rate per connection.
>
> Andy.
>
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc