Limit pps per src or dst


This topic contains 3 replies, has 0 voices, and was last updated by  AtroposX 6 years, 3 months ago.

  • #42562

    AtroposX
    Member

    Especially on a wireless network, a host can consume a minimal amount of bandwidth, but the packets per second are huge, around 150-250/sec. If there was a way to incorporate perhaps “dstlimit” to limit the amount of pps to a dest or src, this could greatly reduce congestion on the affected network.

    I tried “-m limit --limit 2/s --limit-burst 1”, with a particular ip as the dest, and any for a src, to limit the pps for the download, though the log would keep polling bytes, but no change in actual pps usage.

    #50860

    AtroposX
    Member

    It looks like if in the FW rules you use

    1: the host ip as a dst, and in the custom iptables parameters, use “-m limit --limit X/s --limit-burst X”, and choose ACCEPT,
    2: then create a second FW rule under the first of the host ip as dst, and just a basic DROP….

    This will accept only the stated pps to the host as a download, or flip-flop it for the upload.

    #50861

    AtroposX
    Member

    Would it be possible to add this to the web interface such as webmin has at

    http://www.webmin.com/screenshots/chapter19/figure3.gif

    … the packet flow rate and burst rate? This is the same as the limit rule I stated earlier, just doesn’t have to be manually entered in the custom iptables field.

    #50862

    AtroposX
    Member

    In case anyone has wondered how to limit pps per ip in a subnet, using hashlimit is the best bet… i.e:

    iptables -A FORWARD -d 192.168.1.0/24 -m hashlimit --hashlimit 30/sec --hashlimit-mode dstip --hashlimit-name hosts -j ACCEPT

    iptables -A FORWARD -d 192.168.1.0/24 -j DROP

    This will accept 30pps/sec for each ip, and drop anything faster after that. Each ip address will have its own rule of 30pps, while only creating one iptables rule.
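
Added example, not part of any post in this thread: a simplified Python model of the token-bucket behaviour behind the rules discussed above, comparing a lone `-m limit` ACCEPT rule, the same rule followed by DROP, and a per-destination `hashlimit` rule followed by DROP. The traffic trace, the burst of 5 and the ACCEPT default policy are assumptions made for the illustration.

```python
# Added example: simplified token-bucket model of the iptables "limit" and
# "hashlimit" matches. Not iptables code; names and traffic are constructed.
from collections import defaultdict

class Bucket:
    """Refills `rate` tokens/sec up to `burst`; each matching packet costs one."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def match(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def run(packets, rate, burst, per_dst, drop_rule=True):
    """Rule 1: rate match -> ACCEPT. Rule 2 (optional): DROP.
    Assumption: without rule 2, packets fall through to an ACCEPT policy."""
    shared = Bucket(rate, burst)                       # -m limit: one bucket per rule
    per_ip = defaultdict(lambda: Bucket(rate, burst))  # hashlimit dstip: one per address
    accepted = defaultdict(int)
    for now, dst in packets:
        bucket = per_ip[dst] if per_dst else shared
        if bucket.match(now) or not drop_rule:
            accepted[dst] += 1
    return dict(accepted)

def sample_traffic():
    """Constructed one-second trace: one host at 200 pps, one at 10 pps."""
    heavy = [(i / 200.0, "192.168.1.10") for i in range(200)]
    light = [(i / 10.0, "192.168.1.20") for i in range(10)]
    return sorted(heavy + light)

if __name__ == "__main__":
    pkts = sample_traffic()
    print("limit, no DROP rule :", run(pkts, 30, 5, per_dst=False, drop_rule=False))
    print("limit + DROP rule   :", run(pkts, 30, 5, per_dst=False))
    print("hashlimit + DROP    :", run(pkts, 30, 5, per_dst=True))
```

In this model the shared bucket lets the 200 pps host starve the 10 pps host, while the per-address buckets cap only the heavy host.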

    #50863

    zeeshan
    Member

    the host ip as a dst, and in the custom iptables parameters, use “-m limit --limit X/s --limit-burst X”
