I used the following in an attempt to the limit bandwidth utilization of the few IP address on my network. Used this on a CentOS6 firewall. I will see how it works over time. It seems to work fine, but I need to do more testing. I used the limit numbers I did based on the total amount of bandwidth available, and how much I wanted to limit it. I basically tested different settings to get the numbers right. Now, I just need to see how it impacts the usage. In other words, is it usable as a solution for a small network?<\/p>\n
Create the chain: Send traffic I want to the chain:<\/p>\n iptables -I INPUT -s IPSorSUBNET<\/em> -j MYCHAIN<\/em> Configure the limit module to limit bandwidth in the chain: Drop any traffic that exceeds the limit: Update: I found using a different limit-burst unusable. However, keeping the limit and the limit-burst equal seems to actually be working well thus far. I have found that having the limit and limit-burst equal to 10 per second on my 1.3Mb\/s connection works well.<\/p>\n","protected":false},"excerpt":{"rendered":" I used the following in an attempt to the limit bandwidth utilization of the few IP address on my network. Used this on a CentOS6 firewall. I will see how it works over time. It seems to work fine, but I need to do more testing. I used the limit numbers I did based on [&hellip<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[297,76,298],"class_list":["post-798","post","type-post","status-publish","format-standard","hentry","category-documentation","tag-bandwidth","tag-iptables","tag-limit"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=798"}],"version-history":[{"count":3,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/798\/revisions"}],"predecessor-version":[{"id":801,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/798\/revisions\/801"}],"wp:attachment":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\niptables -N MYCHAIN<\/em><\/p>\n
\niptables -I FORWARD -s IPSorSUBNET<\/em> -j MYCHAIN<\/em><\/p>\n
\niptables -A MYCHAIN<\/em> -m limit –limit 5\/second –limit-burst 10 -j ACCEPT<\/p>\n
\niptables -A MYCHAIN<\/em> -j DROP<\/p>\n