Re: which firewall to automatically block bandwidth abusers?

Les Mikesell <lesmikesell@xxxxxxxxx> · Thu, 18 Aug 2011 14:38:56 -0500

On 8/18/2011 2:27 PM, Rudi Ahlers wrote:
>
>>> I need to automatically block any user who abuses bandwidth, either
>>> incoming or outgoing. I should be able to set the limits, in either
>>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>>
>>> Then, any users, connecting from anywhere, on any IP should be blocked
>>> - either if he uploads or downloads (i.e ingres&    outgres) for a
>>> specific amount of time.
>>
>> Those requirements don't mesh very well with the real world.  That is,
>> people use use a network that they've been provided or paid for aren't
>> necessarily 'abusing' anything, and blocking access at times when the
>> network isn't fully loaded doesn't help anyone.  What's the big picture
>> here?  Don't you really need QOS to throttle certain things at peak
>> times only?
>>

>
> Les, it's not really about blocking people who paid.
>
> the servers in question provide a free service and no money is
> generated from it, but the client still pays for bandwidth so we'd
> like to cap heavy users a bit to avoid expensive bills.

Are you paying for bandwidth by total bits transferred or by peak or 
95th percentile rate?

> I know the requirements are strange, but I'm really hoping I could
> find something that could do this for us.
> Right now they have someone who monitors ntop and block IP's that way
> around, but it's inefficient and a salary which could have been spent
> elsewhere.

You should be able to automate what you are doing with ntop.  Or use a 
netflow collector to centralize the traffic counting and translate your 
rules into iptables settings.

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos