I'm trying to deploy an application with limited monthly traffic. Can you please tell me how I can do this? I need to limit traffic on an interface under Linux.
You can take a look at the quota extension of iptables:
http://ipset.netfilter.org/iptables-extensions.man.html#lbBR
The idea could be to mark packets based on their destination IP/port using the quota matching module and the MARK target.
Then this mark can be used to drop traffic or, even better, redirect it to another service warning the user about the quota reached.
As an example, imagine a telnet service like this:
# Mark telnet traffic to and from 1.2.3.4 once each rule's 1000000-byte quota is used up
iptables -t mangle -I PREROUTING -p tcp -d 1.2.3.4 --dport 23 -m quota ! --quota 1000000 -j MARK --set-mark 0xa
iptables -t mangle -I PREROUTING -p tcp -s 1.2.3.4 --sport 23 -m quota ! --quota 1000000 -j MARK --set-mark 0xa
# Redirect marked traffic to the local port 2323
iptables -t nat -I PREROUTING -p tcp -m mark --mark 0xa -j REDIRECT --to-ports 2323
In this case the user would be redirected to a dummy telnet service on port 2323 stating that the service is over quota.
Another approach could be
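To show how the `! --quota` match in the rules above decides when to start marking, here is a small Python model of the quota match's byte counter (an added example, not part of the original answer; the class name, function names and packet sizes are made up for illustration). It also shows that each of the two mangle rules keeps its own counter, so each direction gets its own budget.

```python
# Model of the kernel's quota match as used by the rules in the answer above.
# Added illustration; packet sizes below are constructed sample data.
from dataclasses import dataclass


@dataclass
class QuotaMatch:
    """One `-m quota [!] --quota N` instance; every rule owns its own counter."""
    remaining: int          # bytes left in the quota
    invert: bool = False    # True models `! --quota N`

    def matches(self, pkt_len: int) -> bool:
        if self.remaining >= pkt_len:
            # Budget left: decrement it, the plain (non-inverted) match hits.
            self.remaining -= pkt_len
            within = True
        else:
            # A packet larger than the remaining budget exhausts the quota
            # outright, so later small packets are over quota as well.
            self.remaining = 0
            within = False
        return within != self.invert


def first_marked(packet_sizes, quota):
    """Index of the first packet an inverted quota rule would MARK, or None."""
    rule = QuotaMatch(remaining=quota, invert=True)
    for i, size in enumerate(packet_sizes):
        if rule.matches(size):
            return i
    return None


def unmarked_bytes_two_rules(inbound, outbound, quota):
    """Bytes left unmarked when each direction has its own rule and counter."""
    passed = 0
    for sizes in (inbound, outbound):
        rule = QuotaMatch(remaining=quota, invert=True)
        passed += sum(s for s in sizes if not rule.matches(s))
    return passed


if __name__ == "__main__":
    sizes = [400, 400, 400, 60]   # constructed packet lengths in bytes
    print(first_marked(sizes, 1000))
    print(unmarked_bytes_two_rules(sizes, sizes, 1000))
```

With a 1000-byte quota per rule, the two directions together let 1600 bytes through unmarked, which matters when the limit is meant to cover total traffic.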