Limit bandwidth utilization using iptables.
- August 3rd, 2012
- Posted in Documentation
I used the following in an attempt to limit the bandwidth utilization of a few IP addresses on my network. I used this on a CentOS 6 firewall. I will see how it works over time. It seems to work fine, but I need to do more testing. I used the limit numbers I did based on the total amount of bandwidth available and how much I wanted to limit it. I basically tested different settings to get the numbers right. Now, I just need to see how it impacts the usage. In other words, is it usable as a solution for a small network?
Create the chain:
iptables -N MYCHAIN
Send traffic I want to the chain:
iptables -I INPUT -s IPSorSUBNET -j MYCHAIN
iptables -I FORWARD -s IPSorSUBNET -j MYCHAIN
Configure the limit module to limit bandwidth in the chain:
iptables -A MYCHAIN -m limit --limit 5/second --limit-burst 10 -j ACCEPT
Drop any traffic that exceeds the limit:
iptables -A MYCHAIN -j DROP
Update: I found using a different limit-burst unusable. However, keeping the limit and the limit-burst equal seems to actually be working well thus far. I have found that having the limit and limit-burst equal to 10 per second on my 1.3Mb/s connection works well.
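The limit match counts packets, not bytes, so the rules above cap a packet rate rather than a bit rate. The following Python model of its token bucket is an added example, not part of the original post; the traffic patterns are constructed and the timing is idealized.

```python
from fractions import Fraction

# Simplified model of the iptables "limit" match: a token bucket that
# counts packets. Exact fractions avoid float rounding at the boundaries.

def simulate(rate_per_s, burst, arrivals):
    """Return ACCEPT/DROP for each packet arrival time (seconds, sorted)."""
    tokens = Fraction(burst)          # bucket starts full (--limit-burst)
    last = Fraction(0)
    verdicts = []
    for t in arrivals:
        # Refill at --limit tokens per second, never above --limit-burst.
        tokens = min(Fraction(burst), tokens + (t - last) * rate_per_s)
        last = t
        if tokens >= 1:
            tokens -= 1
            verdicts.append("ACCEPT")  # the "-m limit ... -j ACCEPT" rule matches
        else:
            verdicts.append("DROP")    # falls through to "-A MYCHAIN -j DROP"
    return verdicts

def accepted(rate_per_s, burst, arrivals):
    """Number of packets that get through the chain."""
    return simulate(rate_per_s, burst, arrivals).count("ACCEPT")

def ceiling_bits_per_s(rate_per_s, packet_bytes):
    """Sustained throughput ceiling implied by a packet rate and packet size."""
    return rate_per_s * packet_bytes * 8

# Constructed traffic: a sender pushing 100 packets/s for 2 seconds.
STEADY = [Fraction(i, 100) for i in range(200)]
# Constructed traffic: 2 seconds of silence, then 30 packets at once.
BURSTY = [Fraction(2)] * 30

if __name__ == "__main__":
    for rate, burst in [(5, 10), (10, 10), (5, 5)]:
        print(f"--limit {rate}/second --limit-burst {burst}: "
              f"steady {accepted(rate, burst, STEADY)}/200, "
              f"burst after idle {accepted(rate, burst, BURSTY)}/30")
    for size in (1500, 64):
        print(f"10 packets/s of {size}-byte packets: "
              f"{ceiling_bits_per_s(10, size)} bit/s")
```

Because the ceiling depends on packet size, the same rule allows far less throughput for small packets than for full-size ones.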
Great! Very useful also to limit bandwidth outgoing from one server to another one that returns Too Many Requests error.
In that case, just one:
iptables -I OUTPUT -s IPSorSUBNET -j MYCHAIN
Thank you!
Thanks for the script