I want to use hashlimit to limit incoming/download speed:

    iptables -t filter -A FORWARD -d 10.10.0.0/16 -m hashlimit --hashlimit-above 10/sec --hashlimit-burst 2 --hashlimit-mode dstip --hashlimit-name pkt_limit --hashlimit-htable-max 270 --hashlimit-htable-expire 60000 -j REJECT --reject-with icmp-host-prohibited
    iptables -t filter -A FORWARD -d 10.10.0.0/16 -m hashlimit --hashlimit-above 12/sec --hashlimit-burst 2 --hashlimit-mode dstip --hashlimit-name pkt_limit --hashlimit-htable-max 270 --hashlimit-htable-expire 60000 -j ULOG --ulog-cprange 100 --ulog-qthreshold 1 --ulog-prefix "[test-hashlimit]"
    iptables -t filter -A FORWARD -s 10.10.0.0/16 -j ACCEPT

I can verify via ulog that hashlimit takes effect, but I still observe download speeds above 300kbyte/s!

The theoretical speed limit should be: (10 + 2) * 1460 bytes/s = 17kbyte/s, isn't it?

Can someone tell me the ipt_hashlimit file format?

    # cat /proc/net/ipt_hashlimit/pkt_limit
    35 0.0.0.0:0->10.10.7.103:0 3200 3200 64
    4 0.0.0.0:0->10.10.7.104:0 3200 3200 64
    59 0.0.0.0:0->10.10.2.112:0 3200 3200 64
    ...

Thanks for any help,

--
Dongsheng Song