Using iptables for something very specific - bandwidth based on user/day/time
Linux - Networking: This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Hi,
I'm very new to iptables, but I've been reading the manual the last few days and I really like it, so I was trying a few things out, but I need your help.
On weekdays, between 4am and 4pm, I want to limit all root users on my local network to an equal amount of HTTP bandwidth. Suppose my total download speed is 60kbps: if there are two root users logged on, I want each user to have 30kbps, but if there are three users, I want to give each user 20kbps, etc. How would I append my rule below in order to achieve this? I believe I have to use the hashlimit module to use this feature, but I'm not sure how.
Also, is my usage of --uid-owner below correct? Or should it be prefixed by '-m state'?
Code:
iptables -A INPUT -p tcp --dport http --timestart 04:00 --timestop 16:00 --days Mon,Tue,Wed,Thu,Fri -s 192.168.0.0/16 --uid-owner 0 -m state --state NEW -j ACCEPT
--uid-owner only works on the OUTPUT chain. As for your syntax, matches need to be preceded by the module they belong to. Since --uid-owner belongs to the owner module, it goes like:
Code:
-m owner --uid-owner example
Hi,
Thanks for the reply.
The uid issue makes sense.
Regarding the -m switch, how would this be valid then, since --dport belongs to a module, right?
Also, could you guide me on how to manage logs based on syslogd? I read that dmesg and syslogd are the two methods to store logs... I'm not too fond of dmesg even with grep, so I was hoping to try out syslogd.
Quote:
Regarding the -m switch, how would this be valid then, since --dport belongs to a module, right?
The ability to use --dport is implicit once you use a -p or --protocol for a protocol which has a "ports" concept.
Quote:
Also, could you guide me on how to manage logs based on syslogd? I read that dmesg and syslogd are the two methods to store logs... I'm not too fond of dmesg even with grep, so I was hoping to try out syslogd.
This is an off-topic issue. Try doing some searching and if you don't find the info you want please start a new thread.
PS: I'm moving this thread to Networking, as it's not a security question. I'll leave a redirect here for a couple days.
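The two syntax points made in the replies above (every match option follows its `-m` module, except the port options that `-p tcp` loads implicitly, and the owner match only sees locally generated traffic) can be applied to the posted rule in one go. The script below is an added example written for this thread, not something any of the posters wrote. It assumes a current iptables with the xt_time and xt_owner modules, where the day option is spelled `--weekdays` rather than the older `--days`, and it keeps the poster's `-s 192.168.0.0/16` and `-m state --state NEW` unchanged. The `check_owner_usage` helper is a constructed sanity check for the two owner-match mistakes, nothing more. Note also that the equal-share bandwidth part of the question is outside iptables' scope: hashlimit limits packet rates per key, it does not divide throughput between users; that is the job of `tc` queueing.

```shell
#!/bin/sh
# Constructed example for the thread above; not from any poster.
# Assumes a modern iptables whose time match uses --weekdays.
#
# What changes relative to the posted rule:
#   * -A INPUT  -> -A OUTPUT: the owner match only works on packets the
#     local box generates (OUTPUT, and POSTROUTING in nat/mangle), so the
#     rule matches HTTP requests that root sends out, not inbound traffic;
#   * --timestart/--timestop/--weekdays are preceded by -m time and
#     --uid-owner by -m owner;
#   * --dport stays bare because -p tcp loads the tcp match implicitly
#     (writing "-m tcp --dport 80" explicitly is equivalent).

IPT=${IPT:-iptables}   # command used when actually applying the rule
DRY_RUN=${DRY_RUN:-1}  # default to printing, so this runs without root

# The rule exactly as posted in the thread, kept for the check below.
POSTED_RULE='-A INPUT -p tcp --dport http --timestart 04:00 --timestop 16:00 --days Mon,Tue,Wed,Thu,Fri -s 192.168.0.0/16 --uid-owner 0 -m state --state NEW -j ACCEPT'

# Print the corrected rule as one argument string (no trailing newline).
build_root_http_rule() {
    printf '%s' "-A OUTPUT -p tcp --dport 80 -s 192.168.0.0/16 \
-m time --timestart 04:00 --timestop 16:00 --weekdays Mon,Tue,Wed,Thu,Fri \
-m owner --uid-owner 0 -m state --state NEW -j ACCEPT"
}

# Sanity-check a rule string against the two points raised in the thread:
# --uid-owner must be preceded by "-m owner" and must not sit in INPUT.
# Returns 0 when the rule passes, 1 with a message on stderr otherwise.
check_owner_usage() {
    r=$1
    case "$r" in
        *--uid-owner*)
            case "$r" in
                *"-m owner"*) ;;
                *) echo "check: --uid-owner used without -m owner" >&2; return 1 ;;
            esac
            case "$r" in
                *"-A INPUT"*|*"-I INPUT"*)
                    echo "check: owner match cannot be used in INPUT" >&2; return 1 ;;
            esac
            ;;
    esac
    return 0
}

# Either print the full command (DRY_RUN=1) or hand it to iptables (DRY_RUN=0).
apply_root_http_rule() {
    rule=$(build_root_http_rule)
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT $rule"
    else
        # shellcheck disable=SC2086  # splitting the rule into words is intended
        "$IPT" $rule
    fi
}

# Demonstration: the posted rule is rejected, the rebuilt one is accepted
# and then printed (or applied when DRY_RUN=0 and run as root).
check_owner_usage "$POSTED_RULE" || echo "posted rule rejected, as expected"
check_owner_usage "$(build_root_http_rule)" && apply_root_http_rule
```

Run it as-is to see the corrected command; `DRY_RUN=0 sh script.sh` as root installs the rule. The check deliberately does not try to parse iptables syntax in general; it only encodes the two mistakes the replies point out, so a rule that passes it can still be wrong for other reasons.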