limit bandwidth incoming range ip

[oscaroxy]

Hi,
do exist a way in order to limit the bandwidth incoming from a range ip?
for instance 192.168.1.1 - 192.168.1.100 and 192.168.1.120 - 192.168.1.255, so 20 ip are free, and other are limited.
not the number of the connection, like work iptables:

Code: Select all

iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j DROP

I found "tc" command, but it work with single ip and not with range.
thanks

[jlehtone]

From what I've read, you can't limit incoming traffic at all (except drop at firewall).

[oscaroxy]

don't exist an application installable?
thanks

[BShT]

https://www.unix.com/man-page/centos/8/tc/

[oscaroxy]

can you give me the list of command?
not for a single ip, but for a range of ip, like my instance.
thanks a lot

[BShT]

traffic shaping is an advanced network configuration, the better you can do is to read the manual and understand what you are doing

[BShT]

but if you really want a fast food...


https://www.tldp.org/HOWTO/Adv-Routing- ... ingle.html

[oscaroxy]

the solution fast food is the solution I found, but that is for one IP and not for a range of IP, can you help me?
thanks

[BShT]

tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:1

ipset create shaping hash:net

populate shaping with your IPs:

IPs=IPs.txt

for IPS in $(cat ${IPs} | egrep -v "^#"); do
ipset -A shaping ${IPS}

done

then:

iptables -A PREROUTING -t mangle -m set --match-set shaping src -j MARK --set-mark 6


NOT TESTED!!!

[oscaroxy]

mmmmmh, not easy for me, can you explain, please?