LinuxQuestions.org
10-05-2007, 01:28 AM   #1
koobi
Member
 
Registered: Jun 2006
Location: Colombo, Sri Lanka
Distribution: Ubuntu
Posts: 103

Rep: Reputation: 15
Using iptables for something very specific - bandwidth based on user/day/time


Hi,
I'm very new to iptables, but I've been reading the manual the last few days and I really like it, so I was trying a few things out, but I need your help.

On weekdays, between 4am and 4pm, I want to limit all root users on my local network to an equal amount of HTTP bandwidth. Suppose my total download speed is 60kbps: if there are two root users logged on, I want each user to have 30kbps, but if there are three users, I want to give each user 20kbps, etc. How would I append my rule below in order to achieve this? I believe I have to use the hashlimit module to use this feature, but I'm not sure how.


Also, is my usage of --uid-owner below correct? Or should it be prefixed by '-m state'?


Code:
iptables -A INPUT -p tcp --dport http --timestart 04:00 --timestop 16:00 --days Mon,Tue,Wed,Thu,Fri -s 192.168.0.0/16 --uid-owner 0 -m state --state NEW -j ACCEPT

Thanks.
 
10-05-2007, 01:54 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
--uid-owner only works on the OUTPUT chain. As for your syntax, matches need to be preceded by the module they belong to. Since --uid-owner belongs to the owner module, it goes like:
Code:
-m owner --uid-owner example

Last edited by win32sux; 10-05-2007 at 01:58 AM.
 
10-05-2007, 02:04 AM   #3
koobi
Member
 
Registered: Jun 2006
Location: Colombo, Sri Lanka
Distribution: Ubuntu
Posts: 103

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by win32sux
--uid-owner only works on the OUTPUT chain. As for your syntax, matches need to be preceded by the module they belong to. Since --uid-owner belongs to the owner module, it goes like:
Code:
-m owner --uid-owner example
Hi,
Thanks for the reply.

The uid issue makes sense.

Regarding the -m switch, how would this be valid then, since --dport belongs to a module, right?
Code:
iptables -A INPUT -p tcp --dport ssh -m comment --comment "work PC" -s 10.0.0.15 -j ACCEPT


Also, could you guide me on how to manage logs based on syslogd? I read that dmesg and syslogd are the two methods to store logs... I'm not too fond of dmesg even with grep, so I was hoping to try out syslogd.
 
10-05-2007, 02:29 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by koobi
Regarding the -m switch, how would this be valid then, since --dport belongs to a module, right?
The ability to use --dport is implicit once you use a -p or --protocol for a protocol which has a "ports" concept.

Quote:
Also, could you guide me on how to manage logs based on syslogd? I read that dmesg and syslogd are the two methods to store logs... I'm not too fond of dmesg even with grep, so I was hoping to try out syslogd.
This is an off-topic issue. Try doing some searching and if you don't find the info you want please start a new thread.

PS: I'm moving this thread to Networking, as it's not a security question. I'll leave a redirect here for a couple days.

Last edited by win32sux; 10-05-2007 at 04:29 AM.
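
The two points from the replies above (a match option needs its `-m` module first, except port options that come with `-p`; `--uid-owner` does not belong in INPUT), as an added example that is not part of the original thread. The `module_for` table and the `lint_rule` function are hypothetical helpers covering only the options seen in this thread; the chain check follows iptables-extensions(8), which lists OUTPUT and POSTROUTING for the owner match.

```bash
#!/bin/bash
# Added example (not from the thread): lint iptables rule arguments for the
# two points made above. The option table is a constructed subset.

# Map a match option to the module that provides it.
module_for() {
  case "$1" in
    --uid-owner|--gid-owner)                  echo owner ;;
    --state)                                  echo state ;;
    --comment)                                echo comment ;;
    --timestart|--timestop|--days|--weekdays) echo time ;;
  esac
}

# Usage: lint_rule -A INPUT -p tcp ...   (prints one finding per line)
lint_rule() {
  local chain="" proto="" loaded="" prev="" word mod
  for word in "$@"; do
    case "$prev" in
      -A|-I|--append|--insert) chain=$word ;;
      -p|--protocol)           proto=$word ;;
      -m|--match)              loaded="$loaded $word " ;;
    esac
    case "$word" in
      --dport|--sport)
        # Port options come with -p for protocols that have ports.
        case "$proto" in
          tcp|udp|udplite|sctp|dccp) ;;
          *) echo "$word: needs -p with a port-based protocol first" ;;
        esac ;;
      --*)
        mod=$(module_for "$word")
        if [ -n "$mod" ]; then
          case "$loaded" in
            *" $mod "*) ;;
            *) echo "$word: add '-m $mod' before it" ;;
          esac
          # owner only sees locally generated packets; iptables-extensions(8)
          # lists OUTPUT and POSTROUTING as the valid chains.
          if [ "$mod" = owner ]; then
            case "$chain" in
              OUTPUT|POSTROUTING) ;;
              *) echo "$word: owner match is not valid in chain $chain" ;;
            esac
          fi
        fi ;;
    esac
    prev=$word
  done
}
```

Run against the first rule in the thread, it reports the three time options and `--uid-owner` as missing their `-m`, plus the INPUT chain problem; the `-m comment` rule from post #3 passes clean.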
 
  


All times are GMT -5.