Prosím vás jakej je přepočet v manglování packetů pokud chci nastavit connection Bytes, aby se pravidlo uplatnilo například pro prvních 50MB a pak se uplatní jiné...
Když uvažuju třeba 1MB tak tam patří vyplnit 1000000 ? Nebo jsou to bity čili přepočítávat * 8 ?
❗️Toto je původní verze internetového fóra ISPforum.cz do února 2020 bez možnosti registrace nových uživatelů. Aktivní verzi fóra naleznete na adrese https://telekomunikace.cz
Connection bytes
Connection bytes
0 x
No connbytes je iba v linuxe mk to nepodporuje ten ma iba connlimit a to je ina funkcia
inak z manualu iptables
connbytes
Match by how many bytes or packets a connection (or one of the two flows constituting the connection) have tranferred so far, or by average bytes per packet.
The counters are 64bit and are thus not expected to overflow
The primary use is to detect long-lived downloads and mark them to be scheduled using a lower priority band in traffic control.
The transfered bytes per connection can also be viewed through /proc/net/ip_conntrack and accessed via ctnetlink
[!] --connbytes from:[to]
match packets from a connection whose packets/bytes/average packet size is more than FROM and less than TO bytes/packets. if TO is omitted only FROM check is done. "!" is used to match packets not falling in the range.
--connbytes-dir [original|reply|both]
which packets to consider
--connbytes-mode [packets|bytes|avgpkt]
whether to check the amount of packets, number of bytes transferred or the average size (in bytes) of all packets received so far. Note that when "both" is used together with "avgpkt", and data is going (mainly) only in one direction (for example HTTP), the average packet size will be about half of the actual data packets.
Example:
iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both --connbytes-mode bytes ...
inak z manualu iptables
connbytes
Match by how many bytes or packets a connection (or one of the two flows constituting the connection) have tranferred so far, or by average bytes per packet.
The counters are 64bit and are thus not expected to overflow
The primary use is to detect long-lived downloads and mark them to be scheduled using a lower priority band in traffic control.
The transfered bytes per connection can also be viewed through /proc/net/ip_conntrack and accessed via ctnetlink
[!] --connbytes from:[to]
match packets from a connection whose packets/bytes/average packet size is more than FROM and less than TO bytes/packets. if TO is omitted only FROM check is done. "!" is used to match packets not falling in the range.
--connbytes-dir [original|reply|both]
which packets to consider
--connbytes-mode [packets|bytes|avgpkt]
whether to check the amount of packets, number of bytes transferred or the average size (in bytes) of all packets received so far. Note that when "both" is used together with "avgpkt", and data is going (mainly) only in one direction (for example HTTP), the average packet size will be about half of the actual data packets.
Example:
iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both --connbytes-mode bytes ...
0 x
Trevor píše:No connbytes je iba v linuxe mk to nepodporuje ten ma iba connlimit a to je ina funkcia
inak z manualu iptables
connbytes
Match by how many bytes or packets a connection (or one of the two flows constituting the connection) have tranferred so far, or by average bytes per packet.
The counters are 64bit and are thus not expected to overflow
The primary use is to detect long-lived downloads and mark them to be scheduled using a lower priority band in traffic control.
The transfered bytes per connection can also be viewed through /proc/net/ip_conntrack and accessed via ctnetlink
[!] --connbytes from:[to]
match packets from a connection whose packets/bytes/average packet size is more than FROM and less than TO bytes/packets. if TO is omitted only FROM check is done. "!" is used to match packets not falling in the range.
--connbytes-dir [original|reply|both]
which packets to consider
--connbytes-mode [packets|bytes|avgpkt]
whether to check the amount of packets, number of bytes transferred or the average size (in bytes) of all packets received so far. Note that when "both" is used together with "avgpkt", and data is going (mainly) only in one direction (for example HTTP), the average packet size will be about half of the actual data packets.
Example:
iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both --connbytes-mode bytes ...
Ne to si nemyslím že to MT nepodporuje když to tam opravdu nabízí. Connection limit je o záložku dále v nastavování manglu. Jdi o záložku doleva a tam je connection Bytes.
0 x
