
Re: "segmented" traffic shaping bridge



On Thu, Dec 11, 2008 at 04:00:23AM -0300, Carlos Oliva G. wrote:
> what I desire: I need to put a bandwidth limit _on each_ source IP  
> address from inside my network to any package marked by iptables/ 
> netfilter as an international destination, instead of an overall  
> limit. I would also need to set different classes of upstream  
> bandwidth limits, like 256, 512, 1024 and 2048 kbps.

Did you already see/try iptables' module(s) dstlimit/hashlimit?
Then you'd set N chains corresponding to N source IPs (ranges), each with
its own per-destination limit(s) rule(s). Alas, my experience dates back
to the (now gone) fuzzy module; as of iptables-current, it seems that
hashlimit is what you want:

"...
hashlimit  uses  hash  buckets  to  express a rate limiting match
(like the limit match) for a group of connections using a  single
iptables  rule. Grouping can be done per-hostgroup (source and/or
destination address) and/or per-port.
..."


-- 
paolo
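
The layout suggested in the reply above (one chain per bandwidth class, hashlimit keyed on source IP), sketched as an added example that is not part of the original message. It only prints the rules; the mark value `0x1`, the `INTL_<kbps>` chain names and the source ranges are assumptions, and it assumes an iptables whose hashlimit match accepts byte rates (the `kb/s` form). Note that `-j DROP` polices traffic above the rate rather than queueing it.

```shell
#!/bin/sh
# Added example: emits iptables rules (does not apply them) for per-source-IP
# rate limits on traffic already marked as international.
# Assumptions (not from the thread): mark value 0x1, chain names INTL_<kbps>,
# and the source ranges below (constructed documentation addresses).

INTL_MARK=0x1

# class (kbit/s) : source range -- constructed sample data
TIERS="256:192.0.2.0/26
512:192.0.2.64/26
1024:192.0.2.128/26
2048:192.0.2.192/26"

# hashlimit byte rates count bytes, so kbit/s divided by 8 gives an
# approximate kb/s figure (hashlimit's kb is 1024 bytes).
kbps_to_kbytes() {
    echo $(( $1 / 8 ))
}

gen_rules() {
    echo "$TIERS" | while IFS=: read -r kbps range; do
        rate=$(kbps_to_kbytes "$kbps")
        chain="INTL_${kbps}"
        echo "iptables -N ${chain}"
        # srcip mode: one hash bucket per source address, so every host in
        # the range gets its own limit from this single rule.
        echo "iptables -A ${chain} -m hashlimit --hashlimit-name intl${kbps}" \
             "--hashlimit-mode srcip --hashlimit-above ${rate}kb/s" \
             "--hashlimit-burst $(( rate * 2 ))kb -j DROP"
        # Only marked (international) packets from this range enter the chain;
        # packets under the limit fall off the chain end and return to FORWARD.
        echo "iptables -A FORWARD -s ${range} -m mark --mark ${INTL_MARK} -j ${chain}"
    done
}

gen_rules
```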

