Aug. 13th, 2011

My little RB keeps me connected to a small VPN of random enthusiast types. We do this mostly just for the hell of it, but one feature is access to suitable file shares on our LANs.

I've held off on opening any of that up for the moment as I didn't want to risk having my upstream slagged. But here's how to do a really simple rate limit on data coming from a specific host on my network to destinations on the VPN:


/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=10.0.0.0/8 \
    new-packet-mark=files passthrough=no protocol=tcp src-address=10.8.0.10

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
    disabled=no interface=all limit-at=0/0 max-limit=1M/1M name=vpn-files \
    packet-marks=files parent=none priority=8 queue=default/default \
    total-queue=default-small


The host on my end is 10.8.0.10. The VPN more broadly is 10/8. Those two rules are all it takes. 1Mbps is about a third of my upstream, which is enough to let people slowly snarf things without any real noticeable impact on my own use of my net connection.
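To see exactly which traffic that mangle rule puts into the 1M queue, the following added example (not part of the original post) parses the rule in export format and checks constructed packets against its matchers. It is a simplified model covering only the protocol, src-address and dst-address matchers; the function names and sample packets are hypothetical.

```python
import ipaddress
import shlex

# The mangle rule from the post, in RouterOS export format.
EXPORT = r"""
/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=10.0.0.0/8 \
    new-packet-mark=files passthrough=no protocol=tcp src-address=10.8.0.10
"""

def parse_export(text):
    """Return (menu, {key: value}) per 'add' line, joining '\\' continuations."""
    joined = text.replace("\\\n", " ")
    menu, rules = None, []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:])
            rules.append((menu, dict(pairs)))
    return rules

def packet_mark(rule, pkt):
    """Return the mark the rule sets on pkt, or None if any matcher fails."""
    if rule.get("disabled") == "yes":
        return None
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return None
    for key, field in (("src-address", "src"), ("dst-address", "dst")):
        if key in rule:
            # A bare address such as 10.8.0.10 is treated as a /32.
            net = ipaddress.ip_network(rule[key], strict=False)
            if ipaddress.ip_address(pkt[field]) not in net:
                return None
    return rule["new-packet-mark"]

# Constructed sample packets (not captured traffic).
SAMPLES = [
    {"src": "10.8.0.10", "dst": "10.3.1.5", "protocol": "tcp"},   # file host -> VPN peer
    {"src": "10.8.0.10", "dst": "10.3.1.5", "protocol": "udp"},   # same flow over UDP
    {"src": "10.8.0.11", "dst": "10.3.1.5", "protocol": "tcp"},   # another LAN host
    {"src": "10.8.0.10", "dst": "192.0.2.7", "protocol": "tcp"},  # non-VPN destination
]

def classify(samples=SAMPLES):
    _, rule = parse_export(EXPORT)[0]
    return [packet_mark(rule, p) for p in samples]

if __name__ == "__main__":
    for pkt, mark in zip(SAMPLES, classify()):
        print(pkt, "->", mark or "unmarked (not in the vpn-files queue)")
```

Only the first packet gets the `files` mark; UDP from the same host, TCP from other LAN hosts, and traffic to non-VPN destinations are not counted against the 1M limit.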
