On Thu, 2012-02-16 at 20:01 +0000, J Webster wrote:
> > Personally I use the rather brutal technique of looking for several
> > connections to high port numbers from a single client. I dare say there
> > are false positives, but it works for me.
> >
> > The details for that are here:
> >
> > http://andybev.com/index.php/Fair_traffic_shaping_an_ADSL_line_for_a_local_network_using_Linux

[Top-posting fixed]

> Will this work on CentOS 5?

No, according to this post:

http://lists.centos.org/pipermail/centos/2008-June/059656.html

> How important are the kernel and iptables versions to implement it?

You'll need connlimit and ipset. Connlimit became part of the stable
kernel in 2.6.23 (thanks Jan). I can't remember whether ipset has made
it into the stable kernel yet, but it certainly won't be in the kernel
of CentOS 5 (unless it's available as a separate package).

Andy
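The heuristic discussed in this thread (several connections to high port numbers from a single client), as an added example that is not part of the original post and is not the connlimit/ipset rule set from the linked page. It counts connections offline from conntrack-style lines; the line layout (as printed by `conntrack -L`), the function names, the threshold and the addresses are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added illustration: per-client count of TCP connections to high ports,
# taken from conntrack-style lines. Names and thresholds are hypothetical.

# flag_heavy_clients THRESHOLD MIN_PORT   (conntrack lines on stdin)
# Prints "client count" for every client with more than THRESHOLD
# TCP connections whose destination port is >= MIN_PORT.
flag_heavy_clients() {
    awk -v limit="$1" -v minport="$2" '
        $1 == "tcp" {
            src = ""; dport = ""
            # The first src=/dport= pair is the original direction;
            # the second pair on each line is the reply tuple.
            for (i = 1; i <= NF; i++) {
                if (src == "" && $i ~ /^src=/)     src = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (src != "" && dport + 0 >= minport + 0) count[src]++
        }
        END {
            for (s in count) if (count[s] > limit) print s, count[s]
        }' | sort
}

# Constructed sample: .10 holds four high-port connections plus one to
# port 80; .20 holds two ordinary high-port connections (8080, 5222)
# plus HTTPS and a DNS lookup over UDP.
sample_conntrack() {
    cat <<'EOF'
tcp 6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51000 dport=6881 src=203.0.113.5 dst=192.168.1.10 sport=6881 dport=51000 [ASSURED] use=1
tcp 6 431991 ESTABLISHED src=192.168.1.10 dst=203.0.113.6 sport=51001 dport=51413 src=203.0.113.6 dst=192.168.1.10 sport=51413 dport=51001 [ASSURED] use=1
tcp 6 431992 ESTABLISHED src=192.168.1.10 dst=203.0.113.7 sport=51002 dport=40000 src=203.0.113.7 dst=192.168.1.10 sport=40000 dport=51002 [ASSURED] use=1
tcp 6 431993 ESTABLISHED src=192.168.1.10 dst=203.0.113.8 sport=51003 dport=55555 src=203.0.113.8 dst=192.168.1.10 sport=55555 dport=51003 [ASSURED] use=1
tcp 6 431994 ESTABLISHED src=192.168.1.10 dst=198.51.100.2 sport=51004 dport=80 src=198.51.100.2 dst=192.168.1.10 sport=80 dport=51004 [ASSURED] use=1
tcp 6 431995 ESTABLISHED src=192.168.1.20 dst=198.51.100.3 sport=42000 dport=8080 src=198.51.100.3 dst=192.168.1.20 sport=8080 dport=42000 [ASSURED] use=1
tcp 6 431996 ESTABLISHED src=192.168.1.20 dst=198.51.100.4 sport=42001 dport=5222 src=198.51.100.4 dst=192.168.1.20 sport=5222 dport=42001 [ASSURED] use=1
tcp 6 431997 ESTABLISHED src=192.168.1.20 dst=198.51.100.5 sport=42002 dport=443 src=198.51.100.5 dst=192.168.1.20 sport=443 dport=42002 [ASSURED] use=1
udp 17 25 src=192.168.1.20 dst=198.51.100.9 sport=40001 dport=53 src=198.51.100.9 dst=192.168.1.20 sport=53 dport=40001 use=1
EOF
}

# Threshold 3 flags only .10; threshold 1 also flags .20, which is the
# kind of false positive the post mentions.
sample_conntrack | flag_heavy_clients 3 1024
```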