On Fri, March 10, 2006 05:39, Eduardo Fernández wrote:

> Hi!
>
> I admin a linux router at a uni dorm, the internet link is adsl (low
> upstream bw) so I want to write a rule that limits (mostly outbound) p2p
> traffic. I'm trying something like this:
>
> iptables -A FORWARD -m limit --limit 200/s --limit-burst 200 -p tcp --syn --dport 4662 -j ACCEPT
> iptables -A FORWARD -p tcp --syn --dport 4662 -j REJECT
>
> or
>
> iptables -A FORWARD -o $IFOUT -m limit --limit 100/s --limit-burst 1000 -p tcp --syn --dport 4662 -j ACCEPT
> iptables -A FORWARD -o $IFOUT -p tcp --syn --dport 4662 -j REJECT
>
> but it doesn't seem to work. I can't use hashlimit because I can only
> use 2.4 (any patch to use hashlimit in 2.4?).

Perhaps you'd better use the p2p patch because it's easy to circumvent --dport 4662.

http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra-ipp2p

Gr,
Rob
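To see why the `-m limit` rules in the quoted message behave the way they do, and why Eduardo asks for hashlimit, the following added example (not part of the thread, not netfilter code) models the match as a token bucket: `--limit R/s` is the refill rate, `--limit-burst B` the bucket size, and one token is spent per matching SYN. The same bucket is then run once shared by all sources (what `-m limit` does) and once per source address (what `-m hashlimit --hashlimit-mode srcip` is assumed to do). The traffic, the host addresses and the exact-fraction bookkeeping are constructed for the simulation.

```python
"""Token-bucket model of netfilter's `-m limit` match (added example).

`--limit R/s --limit-burst B` is modelled as a bucket of capacity B that
refills at R tokens per second and spends one token per matched packet.
This is a stand-alone simulation of that documented behaviour, not the
kernel's implementation.
"""
from collections import defaultdict
from fractions import Fraction


class TokenBucket:
    """Continuously refilled token bucket; exact arithmetic keeps runs repeatable."""

    def __init__(self, rate_per_s, burst):
        self.rate = Fraction(rate_per_s)
        self.capacity = Fraction(burst)
        self.tokens = Fraction(burst)   # the match starts with a full bucket
        self.last = Fraction(0)

    def allow(self, now):
        """Refill for the elapsed time, then try to spend one token."""
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def run_aggregate(arrivals, rate, burst):
    """One bucket shared by every source: how `-m limit` counts."""
    bucket = TokenBucket(rate, burst)
    accepted = defaultdict(int)
    for t, src in arrivals:
        if bucket.allow(t):
            accepted[src] += 1
    return dict(accepted)


def run_per_source(arrivals, rate, burst):
    """One bucket per source address: assumed `-m hashlimit --hashlimit-mode srcip`."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    accepted = defaultdict(int)
    for t, src in arrivals:
        if buckets[src].allow(t):
            accepted[src] += 1
    return dict(accepted)


def constructed_syn_arrivals():
    """Constructed one-second trace (not captured traffic), as (time, source) pairs:
    10.0.0.1 opens 400 connections at a steady 400 SYN/s, while
    10.0.0.2 .. 10.0.0.11 each open a single connection during that second."""
    arrivals = [(Fraction(i, 400), "10.0.0.1") for i in range(400)]
    arrivals += [(Fraction(2 * j + 1, 20), f"10.0.0.{j + 2}") for j in range(10)]
    return sorted(arrivals)


if __name__ == "__main__":
    syns = constructed_syn_arrivals()
    # Eduardo's first rule: --limit 200/s --limit-burst 200
    shared = run_aggregate(syns, 200, 200)
    per_src = run_per_source(syns, 200, 200)
    print("shared bucket (-m limit):", shared)
    print("per-source buckets      :", per_src)
    print("quiet host 10.0.0.11 admitted under -m limit:", shared.get("10.0.0.11", 0))
```

With the shared bucket the heavy host drains it within the second and the last quiet host's single SYN is rejected along with the heavy host's surplus, so the rule rations new connections for the whole dorm rather than for the offender; with per-source accounting every quiet host gets through and only the heavy host is clipped. Neither variant limits bytes at all, which is what the low upstream link actually needs.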