From: Rudi Ahlers r...@softdux.com
the servers in question provide a free service and no money is
generated from it, but the client still pays for bandwidth so we'd
like to cap heavy users a bit to avoid expensive bills.
Hum, if it is www traffic, maybe put squid as a reverse proxy and use
On 18/08/2011 4:13, Craig White wrote:
On Wed, 2011-08-17 at 21:50 +0200, Rudi Ahlers wrote:
Hi,
I'm looking for a firewall (preferably on Linux / UNIX) that could
automatically block bandwidth abusers as soon as a connection goes
over a certain speed, or limit - i.e. either more than say
On Thu, Aug 18, 2011 at 4:13 AM, Craig White craigwh...@azapple.com wrote:
On Wed, 2011-08-17 at 21:50 +0200, Rudi Ahlers wrote:
Hi,
I'm looking for a firewall (preferably on Linux / UNIX) that could
automatically block bandwidth abusers as soon as a connection goes
over a certain speed, or
On Thu, 2011-08-18 at 19:20 +0200, Patrick Lists wrote:
Lmgtfy means let me google that for you. Posting such an url is a
pretty standard response to people who ask for help without first
making an effort to find some answers (by googling, etc.). The hint
is: do your homework first and
Let's try again:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s: 1Mb/s or 10GB/h, for example.
Then, any users, connecting from anywhere, on any IP should be blocked
- either if he uploads
On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s: 1Mb/s or 10GB/h, for example.
First question is:
(a) how can you get the IP
On Thu, Aug 18, 2011 at 9:09 PM, Always Learning cen...@u61.u22.net wrote:
On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s: 1Mb/s or
On 8/18/2011 2:01 PM, Rudi Ahlers wrote:
Let's try again:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s: 1Mb/s or 10GB/h, for example.
Then, any users, connecting from anywhere, on
If there isn't an existing system, or systems you can use together, your
only alternative is to create a system to satisfy your requirement. I
was speculating on the essentials.
--
With best regards,
Paul.
England,
EU.
On Thu, 18 Aug 2011, Rudi Ahlers wrote:
Let's try again:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s: 1Mb/s or 10GB/h, for example.
Then, any users, connecting from anywhere, on
On Thu, Aug 18, 2011 at 9:21 PM, Les Mikesell lesmikes...@gmail.com wrote:
On 8/18/2011 2:01 PM, Rudi Ahlers wrote:
Let's try again:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s:
On 8/18/2011 2:15 PM, Rudi Ahlers wrote:
On Thu, Aug 18, 2011 at 9:09 PM, Always Learning cen...@u61.u22.net wrote:
On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the
On Thu, Aug 18, 2011 at 9:25 PM, Mike m...@microdel.org wrote:
On Thu, 18 Aug 2011, Rudi Ahlers wrote:
Let's try again:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s: 1Mb/s or
On 08/18/2011 08:45 PM, Rudi Ahlers wrote:
And you obviously think I didn't do my homework?
Did you see my specific requirement? Or did you just see how and
firewall and assumed google ?
I was not referring to you Rudi. Merely pointing out the lmgtfy concept
which imho seemed lost on Paul.
On Thu, Aug 18, 2011 at 9:29 PM, Les Mikesell lesmikes...@gmail.com wrote:
On 8/18/2011 2:15 PM, Rudi Ahlers wrote:
On Thu, Aug 18, 2011 at 9:09 PM, Always Learning cen...@u61.u22.net wrote:
On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
I need to automatically block any user who
I have read through that document link on
http://lartc.org/lartc.html#AEN1393 and the closest I could get is
rate limiting, but that doesn't actually block the IP if it goes over
a certain threshold, it just slows everything down.
So I'm not sure I fully understand your requirements. Why
On 8/18/2011 2:27 PM, Rudi Ahlers wrote:
I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s: 1Mb/s or 10GB/h, for example.
Then, any users, connecting from anywhere, on any IP should be
On Thu, Aug 18, 2011 at 9:38 PM, Mike m...@microdel.org wrote:
I have read through that document link on
http://lartc.org/lartc.html#AEN1393 and the closest I could get is
rate limiting, but that doesn't actually block the IP if it goes over
a certain threshold, it just slows everything down.
On Thu, Aug 18, 2011 at 9:38 PM, Les Mikesell lesmikes...@gmail.com wrote:
Are you paying for bandwidth by total bits transferred or by peak or
95th percentile rate?
We pay per MB and the servers are connected to a 100MB/s port.
You should be able to automate what you are doing with ntop.
On 08/18/2011 09:31 PM, Rudi Ahlers wrote:
[snip]
I have read through that document link on
http://lartc.org/lartc.html#AEN1393 and the closest I could get is
rate limiting, but that doesn't actually block the IP if it goes over
a certain threshold, it just slows everything down.
How about
On Thu, 18 Aug 2011, Rudi Ahlers wrote:
On Thu, Aug 18, 2011 at 9:38 PM, Mike m...@microdel.org wrote:
I have read through that document link on
http://lartc.org/lartc.html#AEN1393 and the closest I could get is
rate limiting, but that doesn't actually block the IP if it goes over
a certain
On 08/18/11 12:43 PM, Rudi Ahlers wrote:
But, I'm not a programmer, so I don't know where to start.
hire one. your needs and requirements are vague and unique, no off the
shelf solution will do exactly what it is you want. you also need to
start thinking of your requirements in more precise
On Thu, Aug 18, 2011 at 9:52 PM, Mike m...@microdel.org wrote:
On Thu, 18 Aug 2011, Rudi Ahlers wrote:
On Thu, Aug 18, 2011 at 9:38 PM, Mike m...@microdel.org wrote:
I have read through that document link on
http://lartc.org/lartc.html#AEN1393 and the closest I could get is
rate limiting,
On 08/18/11 12:56 PM, Rudi Ahlers wrote:
BUT, if Steve changes his IP to circumvent the block, then his new IP
should be blocked as well.
how would you know this?
--
john r pierce N 37, W 122
santa cruz ca mid-left coast
On 8/18/2011 4:38 PM, John R Pierce wrote:
On 08/18/11 12:56 PM, Rudi Ahlers wrote:
BUT, if Steve changes his IP to circumvent the block, then his new IP
should be blocked as well.
how would you know this?
If he is using pop, imap, authenticated smtp, web services with a logged
in session,
On Thu, 2011-08-18 at 21:33 +0200, Patrick Lists wrote:
And yes I did look at your requirements but don't have the answer for
you. Maybe a combination of iptables and tc perhaps with connection
tracking thrown in?
IP tables would be a good place to link-in; perhaps route requests to a
On Thu, 2011-08-18 at 21:27 +0200, Rudi Ahlers wrote:
Bandwidth in our country is exuberantly expensive, probably about 20x
the price of bandwidth in the USA
A solution for South Africa?
If your country has good internal Internet connections, host the site in
Europe or the USA where
Apologies for top posting.
I fear you will either have to work with cacti bandwidth alerts,
figuring out how to grab the client IP and push it into iptables; find
another way to get the client IP out of cacti and into iptables; or look
into the QoS capabilities within Linux.
On 08/18/2011 03:01
On Thu, 2011-08-18 at 21:56 +0200, Rudi Ahlers wrote:
BUT, if Steve changes his IP to circumvent the block, then his new IP
should be blocked as well.
How will you know Steve has successfully circumvented your block
until the same Steve, with IP2, eventually exceeds the 'quota' ?
On Fri, Aug 19, 2011 at 12:57 AM, Always Learning cen...@u61.u22.net wrote:
On Thu, 2011-08-18 at 21:56 +0200, Rudi Ahlers wrote:
BUT, if Steve changes his IP to circumvent the block, then his new IP
should be blocked as well.
How will you know Steve has successfully circumvented your block
On 08/18/11 4:05 PM, Rudi Ahlers wrote:
The point is, it doesn't matter who the user is. As soon as an IP, any
IP exceeds the limit, it should get blocked.
you might take a look at the various fail2ban scripts that are commonly
used to block an IP for some period of time after a threshold
On Aug 17, 2011, at 3:50 PM, Rudi Ahlers r...@softdux.com wrote:
Hi,
I'm looking for a firewall (preferably on Linux / UNIX) that could
automatically block bandwidth abusers as soon as a connection goes
over a certain speed, or limit - i.e. either more than say 3Mb/s or
10GB in a given
On 08/17/11 12:50 PM, Rudi Ahlers wrote:
A normal DDOS prevention firewall doesn't really work since it only
blocks traffic coming in. But I need to limit traffic going out as
well.
The servers behind the firewall will serve mail, http, ftp, sql and SSH
without requests coming in, no web etc
Hi,
I'm looking for a firewall (preferably on Linux / UNIX) that could
automatically block bandwidth abusers as soon as a connection goes
over a certain speed, or limit - i.e. either more than say 3Mb/s or
10GB in a given period (like weekly / monthly).
But, I need it to block the IP to, or
On Wed, 2011-08-17 at 21:50 +0200, Rudi Ahlers wrote:
Hi,
I'm looking for a firewall (preferably on Linux / UNIX) that could
automatically block bandwidth abusers as soon as a connection goes
over a certain speed, or limit - i.e. either more than say 3Mb/s or
10GB in a given period (like