and_woox

Thanks for the links.

Will check them.

none of you know about this?

I was researching on how to patch the kernel, trying to install connbytes match, but to no avail.

What do you think i should look for?

Thank you

I have some scripts on my box and i was looking for a command to show the line number for a specific rule but to no avail.

Do you know how i can find it out?

Thank you

Hey ianw1974, what do you think?

Thanks for the tip.

I used this script for connbytes:

iptables -A INPUT -s 198.168.1.196 -m connbytes --connbytes 3000000: -j DROP

but my connection kept going.

Do you see anything missing?

iptables-save and iptables-restore will reset counters

For me to use these commands i will have to work with other iptables.

Is there a way for me to reset the counter in a direct way?

none of you know about this?

thanks

I'm looking for a command to list the installed modules of my kernel.

Do you know what command i could use?

Thank you

I'm working with connbytes to limit the number of traffic(in/out) for a client in my network, but to no avail.

For example if i would like to limit all trafic(not restricted to one client) i could use:

iptables -A INPUT -m connbytes --connbytes 10000:100000 -j DROP

How i would especify an ip?

How can i reset this counter every month?

Thank you

Thanks for the reply.

Could you walk me over your script?

Please i'm working on an iptables script where i can grant a certain amount of monthly traffic, for example grant 8g to one client per month and if he passes that amount his connection becomes unavailable.

I'm trying to find a command that serves as a network traffic counter.

What should i be looking for?

Thanks

So do you think this script can work well?

iptables -I FORWARD -s 192.168.1.2 -p udp -m connlimit --connlimit-above 100 -j DROP

anyone?

Please i'm creating a script and some people are telling me that linux based machines dont handle the udp protocol, is this right?

So basically what the implicants of using the'' -p udp'' on my script?

Thanks

Please i'm working on a script to limit the bandwidth for certain clients on my network(using a router running a linux firmware).

The router is the asus wl-500g, and i'm not sure if this script is finished yet.

Before i load it to my router i prefer to be sure that everything is ok.

What do you think about the script?

TCA="tc class add dev br0"

TFA="tc filter add dev br0"

tc qdisc del dev br0 root

tc qdisc add dev br0 root handle 1: htb

tc class add dev br0 parent 1: classid 1:1 htb rate 3480kbit

$TCA parent 1:1 classid 1:10 htb rate 256kbit ceil 256kbit prio 2

$TCA parent 1:1 classid 1:11 htb rate 256kbit ceil 256kbit prio 2

$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10

$TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11

iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 10

iptables -t mangle -A POSTROUTING -d 192.168.1.3 -j MARK --set-mark 11

tc qdisc add dev br0 ingress

$TFA parent ffff: protocol ip u32 match ip src 192.168.1.2 flowid :1 police rate 160kbit mtu 12k burst 10k drop

$TFA parent ffff: protocol ip u32 match ip src 192.168.1.3 flowid :1 police rate 160kbit mtu 12k burst 10k drop

iptables -I FORWARD -s 192.168.1.2 -p tcp -m connlimit --connlimit-above 100 -j DROP

iptables -I FORWARD -s 192.168.1.3 -p tcp -m connlimit --connlimit-above 100 -j DROP