>>> "Eduardo Fernández" <efgonzalez@xxxxxxxxx> 3/9/2006 11:39:16 PM >>>
>Hi!
>I admin a linux router at a uni dorm, the internet link is adsl (low
>upstream bw) so I to write a rule that limits (mostly outbound) p2p
>traffic. I'm trying something like this:
>
>iptables -A FORWARD -m limit --limit 200/s --limit-burst 200 -p tcp --syn --dport 4662 -j ACCEPT
>iptables -A FORWARD -p tcp --syn --dport 4662 -j REJECT
>
>or
>
>iptables -A FORWARD -o $IFOUT -m limit --limit 100/s --limit-burst 1000 -p tcp --syn --dport 4662 -j ACCEPT
>iptables -A FORWARD -o $IFOUT -p tcp --syn --dport 4662 -j REJECT
>
>but it doesn't seem to work. I can't use hashlimit because I only can
>use 2.4 (any patch to use hashlimit in 2.4?).
>
>Thanks a lot!
>
>Edu

These are some limit values that we use... (albeit a different application)

-m limit --limit 40/second --limit-burst 60 -j ...
-m limit --limit 7/second --limit-burst 12 -j ...

perhaps your values are too high.

<><Randy

<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY 13244
315-443-5779
rgrimsha@xxxxxxx
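
The `limit` match behaves as a token bucket: `--limit-burst` is the bucket size and `--limit` the refill rate. The following is an added example, not code from either poster, that models the bucket and runs the four rate/burst pairs quoted in the thread over the same constructed traffic. The 50 SYN/s arrival rate and the function names are assumptions chosen for illustration.

```python
# Token-bucket model of the iptables `limit` match (added example).
# Assumption: the bucket starts with `burst` tokens, refills at `rate`
# tokens per second up to `burst`, and a packet matches only when a
# whole token is available. Arrival times are constructed, not measured.
from fractions import Fraction


def simulate(rate, burst, arrivals):
    """Return (accepted, rejected) counts for SYNs arriving at `arrivals`."""
    tokens = Fraction(burst)
    last = Fraction(0)
    accepted = rejected = 0
    for t in arrivals:
        # Refill for the time elapsed since the previous packet.
        tokens = min(Fraction(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1:
            # Matches the first rule: -m limit ... -j ACCEPT
            tokens -= 1
            accepted += 1
        else:
            # Falls through to the second rule: -j REJECT
            rejected += 1
    return accepted, rejected


def steady_arrivals(per_second, seconds):
    """Constructed traffic: evenly spaced SYNs at `per_second` for `seconds`."""
    return [Fraction(i, per_second) for i in range(per_second * seconds)]


# Constructed load: 50 new connection attempts per second for 10 seconds.
TRAFFIC = steady_arrivals(50, 10)

# (rate per second, burst) pairs quoted in the thread.
RULES = {
    "200/s burst 200": (200, 200),
    "100/s burst 1000": (100, 1000),
    "40/s burst 60": (40, 60),
    "7/s burst 12": (7, 12),
}

if __name__ == "__main__":
    for name, (rate, burst) in RULES.items():
        ok, dropped = simulate(rate, burst, TRAFFIC)
        print(f"{name:>17}: accepted={ok:3d} rejected={dropped:3d}")
```

Under this constructed load the two pairs from the question never send a packet to the REJECT rule, while the two lower pairs from the reply do.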