[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "segmented" traffic shaping bridge

On Thu, Dec 11, 2008 at 04:00:23AM -0300, Carlos Oliva G. wrote:
> what I desire: I need to put a bandwidth limit _on each_ source IP  
> address from inside my network to any package marked by iptables/ 
> netfilter as an international destination, instead of an overall  
> limit. I would also need to set different classes of upstream  
> bandwidth limits, like 256, 512, 1024 and 2048 kbps.

did you already see/try iptables' module(s) dstlimit/hashlimit?
then you'd set N chains corresponding to N IP(ranges) source, each with
its own per-destination limit(s) rule(s). Alas, my experience dates back 
to the (now gone) fuzzy module; as of iptables-current, seems that 
hashlimit is what you want:

hashlimit  uses  hash  buckets  to  express a rate limiting match
(like the limit match) for a group of connections using a  single
iptables  rule. Grouping can be done per-hostgroup (source and/or
destination address) and/or per-port.


Reply to: