RE: Traffic limitation with iptables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Well sorry. I can't understand your question.

" some chain reaches or exceedes any fixed value then IMMEDIATELY insert into that cahin new first rule (e.g. -j DROP)"
The Subject says "traffic limiting" but nothing in your body says dropping after an exceeded limit which is what QUOTA does.. you do not DROP packets as such with shaping, it merely puts them into a QUEUE and only on a congested network is where DROPing occurs.

what you want is TC which is part of iproute2 to do proper bandwidth throttling or use Bandwidth Arbitrator www.bandwidtharbitrator.com which is pretty good.


Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
 

-----Original Message-----
From: Esteban Ribicic [mailto:eribicic@xxxxxxxxxxxx]
Sent: Wednesday, July 23, 2003 8:16 AM
To: George Vieira
Cc: epv_xemul@xxxxxxx; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Traffic limitation with iptables


that would not be shapping...ass dropping/rejecting packets implicates
much more yhing under tcp/ip..

maybe lartc.org may help too..(this is not the mailing-list i think)
fix me if im wrong
Esteban


On Wed, 23 Jul 2003 08:07:40 +1000
"George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> Use the Quota patch and it'll limit the rule by itself..			
> 
> Thanks,
> ____________________________________________
> George Vieira
> Systems Manager
> georgev@xxxxxxxxxxxxxxxxxxxxxx
> 
> Citadel Computer Systems Pty Ltd
> http://www.citadelcomputer.com.au
> 
> 
> 
> -----Original Message-----
> From: Xemul [mailto:epv_xemul@xxxxxxx]
> Sent: Wednesday, July 23, 2003 2:09 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Traffic limitation with iptables
> 
> 
> Hi.
> I wanna solve such a problem:
> When I see that byte counter on some chain reaches or exceedes any fixed
> value - then IMMEDIATELY insert into that cahin new first rule (e.g. -j
> DROP) or delete some rules from any other chain. Or more abstract - how
> can can discover that byte counter is higher than smth without
> "polling" chains?
> 
> Sorry for sending such a mail into announce, developers and user
> maillists but I need help as soon as possible. :)
> 
>
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux