Just to clarify how this works, so I know it's going to work for what I need: Let's say I have 10 subnets, I mark the packets coming from 3 of them with a 1. Now I just set an outgoing limit on packets marked with 1 to let's say 100 bytes/second. Now, does the 100 bytes/sec apply to each connection, or to _all_ packets with that mark? What I want to make sure is that the entire subnet is limited to 100 bytes/sec, and not individual connections or src addy's...?

Dan

On Wed, 2001-12-19 at 12:07, Jerome PETAZZONI wrote:
> > I've been doing ipchains/tables firewalls for quite a while now, but I'd
> > like to be able to do some bandwidth shaping, and src-address based
> > routing to specific net connections.
>
> I'll again do some advertisement for my bytelimit patch :-)
> it is a patch for netfilter (iptables) allowing to limit bandwidth,
> like the "limit" match but allowing to specify rates in bytes/second
> instead of packets/second.
>
> you might combine this patch and SNAT to do "overflowing", i.e.
> your first link will be used, and when it is "full" (or exceeds
> a given bandwidth), further connections will be SNAT'ed with
> another address, thus using the 2nd link.
>
> Jerome Petazzoni <skaya at enix dot org>