Terminate the connection when it reachs 1mb w/ iptables

06-18-2006, 04:06 AM

Hi all...

I need to receive uploaded files and also would like to limit the size
of the files like email attatchements are limited.
Every time the user tries files larger than some kb, it terminates the
connection when it reachs the limit.

Is it possible to do it with iptables?

06-18-2006, 08:42 PM

On 17 Jun 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed) .com>, (E-Mail Removed)
wrote:

>I need to receive uploaded files and also would like to limit the size
>of the files like email attatchements are limited.
>Every time the user tries files larger than some kb, it terminates the
>connection when it reachs the limit.

How do you know that this packet is part of a single file. How do you
know that this download isn't trying to get 20 mails averaging 50KB in
size, verses one mail of 1 MB?

>Is it possible to do it with iptables?

I'd rather doubt it - perhaps a proxy server would be more suitable.

Old guy

06-18-2006, 09:38 PM

On Sun, 18 Jun 2006 15:42:04 -0500, (E-Mail Removed) (Moe Trin) wrote:

>On 17 Jun 2006, in the Usenet newsgroup comp.os.linux.networking, in article
><(E-Mail Removed) s.com>, (E-Mail Removed)
>wrote:
>
>>I need to receive uploaded files and also would like to limit the size
>>of the files like email attatchements are limited.
>>Every time the user tries files larger than some kb, it terminates the
>>connection when it reachs the limit.
>
>How do you know that this packet is part of a single file. How do you
>know that this download isn't trying to get 20 mails averaging 50KB in
>size, verses one mail of 1 MB?
>
>>Is it possible to do it with iptables?
>
>I'd rather doubt it - perhaps a proxy server would be more suitable.

Someone out there has a tcp connection cutter, but as you suggest, if
a single tcp connection carries several emails one gets into trouble.
Can OP enforce per email tcp connection?

Grant.
--
Cats are smarter than dogs. You can't make eight cats pull
a sled through the snow.

06-19-2006, 08:01 AM

Grant wrote:
> On Sun, 18 Jun 2006 15:42:04 -0500, (E-Mail Removed) (Moe Trin) wrote:
>
> Someone out there has a tcp connection cutter, but as you suggest, if
> a single tcp connection carries several emails one gets into trouble.
> Can OP enforce per email tcp connection?
>

I think that the right word is "connection cutter"! That is it. Let's
think on a website ok? One page will never exceed 1MB. So, what i have
to do is limit the connections by some Kb. If it exceed 1mb for
example, terminate it.

Any hint?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
iptables - allowing connection from a disallowed address	Mark Hobley	Linux Networking	4	05-22-2009 08:08 PM
dialup solution (as seconary connection / iptables )	sammy	Linux Networking	7	11-29-2008 10:51 PM
Iptables and slow Internet connection	Mark	Linux Networking	1	08-06-2007 08:31 PM
advice on the best tools and connectors to terminate my own cables	Ian R	Windows Networking	1	01-18-2007 07:33 AM
iptables and masquerading - slow to initiate connection	Rob	Linux Networking	5	08-21-2004 01:44 PM