LinuxQuestions.org

Sefyir 08-12-2015 09:25 AM

iptable quotas by ip
 
I'm looking to prevent visitors from downloading +100M in a day from my website.

Most guides show just this, or with a -s ip_addr
Code:

iptables -A OUTPUT -p tcp -m quota --quota 104857600

I want this to apply individually to each ip address, so I can't use a -s match.

The problem is this is with OUTPUT, so it's universal: once a cumulative 100M has been reached, everyone has been blocked (not to mention SSH).
I presume that these connections are established; should I limit those instead?

lazydog 08-12-2015 11:33 AM

Adding the '! -s 22' to your rule will allow ssh even when the quota is reached.
I'm not sure using the firewall to limit is the way you want to go here.
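
An added example, not part of either post above: one way to get a separate byte counter per client address is an ipset with the counters extension, in place of the single counter of the quota match. The set name dlquota, web port 80 and the one-day timeout are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes ipset with the "counters" and
# "timeout" extensions and an iptables build with the set match and SET target.

QUOTA_BYTES=104857600   # 100M, the figure used in the thread
WINDOW_SECS=86400       # one day (assumed accounting window)
SET_NAME=dlquota        # hypothetical set name
WEB_PORT=80             # assumed web server port

# Weak form from the thread: one counter shared by every destination, and it
# is not limited to web traffic, so SSH is counted too:
#   iptables -A OUTPUT -p tcp -m quota --quota 104857600

# Print the per-client rule set instead of applying it.
quota_rules() {
    # One entry per client IP, each with its own packet/byte counters.
    # An entry expires WINDOW_SECS after it was added.
    echo "ipset create $SET_NAME hash:ip counters timeout $WINDOW_SECS"

    # Client already in the set: the lookup updates its byte counter, and the
    # packet is dropped once that counter exceeds the quota. Matching on
    # --sport keeps non-web traffic such as SSH out of the accounting.
    echo "iptables -A OUTPUT -p tcp --sport $WEB_PORT -m set --match-set $SET_NAME dst --bytes-gt $QUOTA_BYTES -j DROP"

    # Client not yet in the set: start tracking it. Without --exist, an
    # entry that is already present keeps its timeout and counters.
    echo "iptables -A OUTPUT -p tcp --sport $WEB_PORT -j SET --add-set $SET_NAME dst"
}

quota_rules
```

Per-client usage can then be read with ipset list dlquota, which shows the packets and bytes counted for each address.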

