
Does Entware Iptables have --quota ?

Discussion in 'Tomato Firmware' started by Planiwa, Sep 25, 2013.

  1. Planiwa

    Planiwa LI Guru Member

    Does Entware Iptables have --quota ?

    Perhaps someone with entware can post the result of

    "iptables --help" ?

    Thanks!
     
    Last edited: Sep 25, 2013
  2. koitsu

    koitsu Network Guru Member

    To readers: what the OP is talking about is a netfilter/iptables extension for bandwidth quotas on a per-rule basis (e.g. using 2 rules, limit/allow inbound TCP port 8000 up to 50MBytes, then drop traffic after that point). Details:

    http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html
    http://webcache.googleusercontent.com/search?q=cache:DW7ssnPYKxcJ:www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a

    (2nd URL is Google cached version, because right now netfilter.org is down for me)

    Entware has no bearing/relation to this situation. What you've meant to ask: do any Tomato firmwares have this netfilter/iptables extension built in to them?

    The patch may require kernel modifications (i.e. more than just netfilter/iptables), but I'm not sure.

    Also, I just found this, which seems to imply netfilter/iptables quotas are not necessarily reliable or have a questionable past: http://superuser.com/questions/253533/quotas-with-iptables

    You may be able to accomplish aggregate bandwidth limiting (readers: this is not rate-limiting but rather starting to drop traffic once an amount of transferred traffic has been reached) using tc (documentation), but I'm not sure. Others here can help you with that, I cannot.
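
The two-rule quota setup described in the post above, as an added example that is not part of the original thread. Port 8000 and 50 MBytes come from the post; the INPUT chain, the helper names and the APPLY switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: per-rule byte quota with the netfilter "quota" match.
# Assumption: 1 MByte is counted as 1024*1024 bytes.

# Print the two rules: ACCEPT while the byte budget lasts, then DROP.
quota_rules() {
    port=$1
    mbytes=$2
    for n in "$port" "$mbytes"; do
        case $n in
            ''|*[!0-9]*) echo "usage: quota_rules PORT MBYTES" >&2; return 2 ;;
        esac
    done
    bytes=$((mbytes * 1024 * 1024))
    # Rule 1 matches only until $bytes bytes have been counted against it.
    echo "iptables -A INPUT -p tcp --dport $port -m quota --quota $bytes -j ACCEPT"
    # Rule 2 catches everything that rule 1 no longer matches.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# True if this firmware's iptables can load the quota match at all.
have_quota_match() {
    iptables -m quota --help 2>/dev/null | grep -q -- '--quota'
}

# Dry run by default (prints the rules); APPLY=1, run as root, loads them.
apply_quota() {
    if [ "${APPLY:-0}" != 1 ]; then
        quota_rules "$1" "$2"
        return
    fi
    have_quota_match || { echo "quota match not available" >&2; return 1; }
    quota_rules "$1" "$2" | while read -r rule; do
        $rule || exit 1
    done
}

apply_quota 8000 50
```

The byte counter lives in the rule itself, so flushing or reloading the firewall, or rebooting the router, starts the budget again from zero.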
     
  3. ryzhov_al

    ryzhov_al Networkin' Nut Member

    Please do not use iptables from Entware; it will not work better than Tomato's (native) one. The iptables package was compiled for some poor systems like Realtek media players, where there is no iptables at all.
     
  4. Planiwa

    Planiwa LI Guru Member

    Thanks for the responses @koitsu and @ryzhov_al. So I will forget about iptables --quota for now.

    Gargoyle is not an option for the RT-N66U.

    Fortunately the new ISP provides Data Usage reports on a straightforward web page that can be read easily with Curl.
    Then the router can simply take fail-safe action when necessary.

    (It's fairly easy to identify the (ab)users for the penalty-box, by virtue of Zipf's laws. :))
     
