[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Traffic control

Hi, I use for such purpose ipfm 
(http://freshmeat.net/projects/ipfm/?topic_id=862). It writes one file
as output and you can see there IP,input bytes,output bytes,total for a
given period of time (sorted as you wish). Such output is easy to load
to mysql (or other DB), or, if there is not many records, you can create
ipchains rules direct by parsing raw file. If you need traffic per
service (I mean if there is a lot of different traffic and you need only
http) ipfm can not help you. 

Another way is to use ipchains counters. But then you need a rule for
every IP.


On Thu, 2002-12-12 at 17:08, Marco Antonio wrote:
> Hi all,
> Here we have a debian firewall with 3 interfaces (in, out & dmz) running ipchains.
> Now we are facing a problem: some people are making 'automated searches' on our www server -an ugly IIS5 :), and we intend to block this kind of search. I was thinking about blocking it on the firewall, this way: regularly I would collect some stats about the traffic, and if some client IP reaches a 'limit', I would re-run the firewall script and block that IP.
> Well, here goes my ask for help: can anybody give me some simple clues on how to collect those stats? I really don't know a lot about ipchains, but can it do the job? How? Or will I need another package like ipac or something? 
> What I really need is something like a file with three fields, "Client IP, Time elapsed, Number of bytes" that I can process.
> I tried ipac, but it seemed so difficult to me to use it...
> Thanks in advance.
> -- 
> __________________________________________________________
> Sign-up for your own FREE Personalized E-mail at Mail.com
> http://www.mail.com/?sr=signup
> One click access to the Top Search Engines
> http://www.exactsearchbar.com/mailcom
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: