Iptables: --limit, and bandwidth limiters.
I just want to learn how to use iptables. I want to set up my firewall by hand, but it is not very clear to me how the --limit directive works. Does it only limit how many packets match a rule? I ask this because I plan to use something to limit the bandwidth of some computer in my LAN.

Ciao, Tazio
On Thu, Sep 06, 2001 at 08:54:06PM +0200, Praise wrote:
I just want to learn how to use iptables. I want to set up my firewall by hand, but it is not very clear to me how the --limit directive works. Does it only limit how many packets match a rule?
I ask this because I plan to use something to limit the bandwidth of some computer in my LAN.
limit only limits the frequency that a packet can match a rule. For example, iptables -A INPUT -m limit --limit 1/min -p icmp -j LOG will only log one ICMP packet per minute.

HTH,
-v
--
Victor R. Cardona
12:03am up 13 days, 6:34, 1 user, load average: 1.04, 1.02, 1.00
Powered by SuSE Linux 7.1 (i386) 2.4.5-64GB-SMP
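An added illustration, not part of the thread: a small Python model of the token bucket behind `-m limit`, showing that the match counts packets and never looks at their size. It models iptables' documented defaults (`--limit 3/hour`, `--limit-burst 5`); the class, function names and sample traffic are constructed for this example.

```python
from fractions import Fraction

SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # sec, min, hour, day


class LimitMatch:
    """Token-bucket model of `-m limit --limit RATE --limit-burst N`."""

    def __init__(self, limit="3/hour", burst=5):  # iptables' documented defaults
        count, unit = limit.split("/")
        self.interval = Fraction(SECONDS[unit[0]], int(count))  # seconds per credit
        self.burst = burst
        self.credits = Fraction(burst)  # the bucket starts full
        self.last = None

    def matches(self, now):
        """Return True if a packet arriving at `now` (seconds) matches the rule."""
        if self.last is not None:
            refill = Fraction(now - self.last) / self.interval
            self.credits = min(Fraction(self.burst), self.credits + refill)
        self.last = now
        if self.credits >= 1:
            self.credits -= 1
            return True
        return False  # no match: the packet simply continues to the next rule


def simulate(packets, limit, burst=5):
    """packets: iterable of (arrival_time_s, size_bytes).
    Returns (matched_packets, matched_bytes)."""
    rule = LimitMatch(limit, burst)
    sizes = [size for t, size in packets if rule.matches(t)]
    return len(sizes), sum(sizes)


# Constructed traffic: one 84-byte ICMP echo per second for three minutes.
PINGS = [(t, 84) for t in range(180)]
# Constructed traffic: 100 packets/s for 10 s, as small and as full-size frames.
SMALL = [(Fraction(i, 100), 64) for i in range(1000)]
LARGE = [(Fraction(i, 100), 1500) for i in range(1000)]

if __name__ == "__main__":
    # Burst of 5 matches first, then one match per minute.
    print("1/min on pings:      ", simulate(PINGS, "1/min"))
    # Same number of matches, very different byte counts: no bandwidth cap.
    print("10/sec, 64-byte pkts: ", simulate(SMALL, "10/sec"))
    print("10/sec, 1500-byte pkts:", simulate(LARGE, "10/sec"))
```

With the LOG target nothing is dropped at all; even when the match guards an ACCEPT rule followed by a DROP, the bytes let through scale with packet size, which is why bandwidth limiting needs a shaper rather than `--limit`.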
On Thu, Sep 06, 2001 at 08:54:06PM +0200, Praise wrote:
I just want to learn how to use iptables. I want to set up my firewall by hand, but it is not very clear to me how the --limit directive works. Does it only limit how many packets match a rule? I ask this because I plan to use something to limit the bandwidth of some computer in my LAN.
limit only limits the frequency that a packet can match a rule. For example, iptables -A INPUT -m limit --limit 1/min -p icmp -j LOG will only log one ICMP packet per minute.
What could I use to limit the bandwidth? Tazio
On Fri, Sep 07, 2001 at 02:43:00PM +0200, Praise wrote:
On Thu, Sep 06, 2001 at 08:54:06PM +0200, Praise wrote:
I just want to learn how to use iptables. I want to set up my firewall by hand, but it is not very clear to me how the --limit directive works. Does it only limit how many packets match a rule? I ask this because I plan to use something to limit the bandwidth of some computer in my LAN.
limit only limits the frequency that a packet can match a rule. For example, iptables -A INPUT -m limit --limit 1/min -p icmp -j LOG will only log one ICMP packet per minute.
What could I use to limit the bandwidth?
I believe that there is an experimental traffic shaper option in the kernel. To be honest, I don't know how you would do that.

-v
--
Victor R. Cardona
10:34am up 13 days, 17:05, 1 user, load average: 1.00, 1.00, 0.99
Powered by SuSE Linux 7.1 (i386) 2.4.5-64GB-SMP
You can use the traffic shaper module in the kernel, but it only limits outgoing bandwidth, not incoming bandwidth. Look in /usr/src/linux/Documentation/network/shaper.txt to get more info on this.

On Fri, 7 Sep 2001, Victor R. Cardona wrote:
On Fri, Sep 07, 2001 at 02:43:00PM +0200, Praise wrote:
On Thu, Sep 06, 2001 at 08:54:06PM +0200, Praise wrote:
I just want to learn how to use iptables. I want to set up my firewall by hand, but it is not very clear to me how the --limit directive works. Does it only limit how many packets match a rule? I ask this because I plan to use something to limit the bandwidth of some computer in my LAN.
limit only limits the frequency that a packet can match a rule. For example, iptables -A INPUT -m limit --limit 1/min -p icmp -j LOG will only log one ICMP packet per minute.
What could I use to limit the bandwidth?
I believe that there is an experimental traffic shaper option in the kernel. To be honest, I don't know how you would do that.
-v -- Victor R. Cardona 10:34am up 13 days, 17:05, 1 user, load average: 1.00, 1.00, 0.99 Powered by SuSE Linux 7.1 (i386) 2.4.5-64GB-SMP
I have been searching for shapers, but it looks like they have disappeared. At least the two on freshmeat are broken links, and the one working looks to be only for ethernet. Has anybody got something better?

Tazio

On Friday 7 September 2001 at 17:45, dog@intop.net wrote:
you can use the traffic shaper module in the kernel, but it only limits outgoing bandwidth, not incoming bandwidth. look in /usr/src/linux/Documentation/network/shaper.txt to get more info on this.
On September 7, 2001 12:36 pm, Victor R. Cardona wrote:
On Fri, Sep 07, 2001 at 02:43:00PM +0200, Praise wrote:
On Thu, Sep 06, 2001 at 08:54:06PM +0200, Praise wrote:
I just want to learn how to use iptables. I want to set up my firewall by hand, but it is not very clear to me how the --limit directive works. Does it only limit how many packets match a rule? I ask this because I plan to use something to limit the bandwidth of some computer in my LAN.
limit only limits the frequency that a packet can match a rule. For example, iptables -A INPUT -m limit --limit 1/min -p icmp -j LOG will only log one ICMP packet per minute.
What could I use to limit the bandwidth?
I believe that there is an experimental traffic shaper option in the kernel. To be honest, I don't know how you would do that.
The experimental one is effectively deprecated. To do it the preferred way, you need to enable QoS in the kernel and have the iproute2 utilities installed (SuSE includes these, but it may be optional). You have to use the tc and ip commands to set it up. It's pretty complicated, actually. Do a search for "QoS iproute2" to find information on it.

--
James Oakley
Engineering - SolutionInc Ltd.
joakley@solutioninc.com
http://www.solutioninc.com
participants (5)
- dog@intop.net
- James Oakley
- Praise
- Togan Muftuoglu
- Victor R. Cardona