Re: "segmented" traffic shaping bridge
On Thu, Dec 11, 2008 at 04:00:23AM -0300, Carlos Oliva G. wrote:
> what I desire: I need to put a bandwidth limit _on each_ source IP
> address from inside my network to any package marked by iptables/
> netfilter as an international destination, instead of an overall
> limit. I would also need to set different classes of upstream
> bandwidth limits, like 256, 512, 1024 and 2048 kbps.
Did you already see/try iptables' module(s) dstlimit/hashlimit?
Then you'd set N chains corresponding to N source IP (ranges), each with
its own per-destination limit rule(s). Alas, my experience dates back
to the (now gone) fuzzy module; as of iptables-current, it seems that
hashlimit is what you want:

    hashlimit uses hash buckets to express a rate limiting match
    (like the limit match) for a group of connections using a single
    iptables rule. Grouping can be done per-hostgroup (source and/or
    destination address) and/or per-port.
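
The layout suggested in this reply (one chain per bandwidth class, each with a single hashlimit rule keyed on source address) can be sketched as below; this is an added example, not part of the original message. It only prints the rules. The fwmark value 0x1, the source ranges and the chain names are assumptions, and byte-based `--hashlimit-above` rates need an iptables newer than the one current at the time of the thread.

```shell
#!/bin/sh
# Added example: emit (do not apply) iptables rules that cap upstream
# traffic per source IP for packets already marked as "international".
# Assumptions: the mark 0x1 is set earlier (e.g. in the mangle table);
# the source ranges are constructed documentation addresses.
INTL_MARK=0x1

# Class table: "<kbit/s> <source range>" (constructed sample data)
CLASSES="256 192.0.2.0/26
512 192.0.2.64/26
1024 192.0.2.128/26
2048 192.0.2.192/26"

gen_rules() {
    printf '%s\n' "$CLASSES" | while read -r kbit src; do
        chain="INTL_${kbit}K"
        # hashlimit byte rates are bytes/s, the classes are bits/s
        kbyte=$((kbit / 8))
        printf 'iptables -N %s\n' "$chain"
        # --hashlimit-mode srcip gives every source address its own
        # bucket, so the rate applies per host, not to the whole range.
        # Excess packets are dropped (policing rather than queueing).
        printf 'iptables -A %s -m hashlimit --hashlimit-name intl%s --hashlimit-mode srcip --hashlimit-above %skb/s -j DROP\n' \
            "$chain" "$kbit" "$kbyte"
        # Only marked packets from this class's range enter the chain;
        # packets under the limit fall off its end and return to FORWARD.
        printf 'iptables -A FORWARD -s %s -m mark --mark %s -j %s\n' \
            "$src" "$INTL_MARK" "$chain"
    done
}

gen_rules
```

On a bridge, these FORWARD rules only see bridged frames when bridge netfilter is enabled for iptables.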