amuck-landowner

Limiting the inbound data being sent over a specific port with iptables?

Dillybob

New Member
I'm trying to limit the amount of inbound data per IP every 60 seconds.

For example, every IP that connects to the server is limited to a threshold of 5 megabytes every 60 seconds and cannot surpass that amount.

For example, my rule already limits each IP to up to 10 requests every 60 seconds:

# Allows Websocket Connections (only 10 attempts by an IP every 60 seconds, drop the rest) ~

iptables -A INPUT -p tcp -m tcp --dport 9300 -m state --state NEW -m recent --set --name WEBSOCKET --rsource

iptables -A INPUT -p tcp -m tcp --dport 9300 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name WEBSOCKET --rsource -j DROP

iptables -A INPUT -p tcp -m state --state NEW --dport 9300 -j ACCEPT
But how do I say "only 5 megabytes every 60 seconds" instead of just "requests"? Is this even possible with iptables? The data would need to be accumulated or kept track of somehow.
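One way to get a per-source byte limit, as an added example that is not part of the original post: iptables' hashlimit match has a byte-based mode (rate written as Nkb/s, burst as Nmb) that can be keyed on source IP, and unlike the per-rule quota match it keeps a separate bucket per address. The shell script below converts the poster's "5 MB per 60 s" into the per-second rate hashlimit expects and emits (with IPT=iptables, applies) a DROP rule for port 9300 ahead of the poster's existing connection-rate rules. Assumptions, also labelled in the code: a kernel and iptables new enough for byte-based hashlimit, hashlimit's kb/mb being 1024-based, and that the rules sit ahead of any blanket "--state ESTABLISHED -j ACCEPT" in INPUT.

```shell
#!/bin/sh
# Added example, not the poster's rules: per-source inbound byte throttle on
# the websocket port using iptables' hashlimit match in byte mode.
# Assumptions: kernel/iptables support byte-based hashlimit (rate as Nkb/s,
# burst as Nmb), hashlimit's kb/mb are 1024-based, and these rules come
# before any generic "--state ESTABLISHED -j ACCEPT" rule in INPUT.

PORT=9300
QUOTA_MB=5       # the poster's 5 megabytes ...
WINDOW_SEC=60    # ... every 60 seconds

# Convert "MB per window" into the bytes-per-second rate hashlimit needs.
# Integer arithmetic: 5 MB / 60 s -> 87381 bytes/s.
rate_bytes_per_sec() {
    echo $(( $1 * 1024 * 1024 / $2 ))
}

# hashlimit's byte mode takes Nkb/s; round down so the configured rate
# never exceeds the requested quota.
rate_kb_per_sec() {
    echo $(( $(rate_bytes_per_sec "$1" "$2") / 1024 ))
}

# Emit the rules. IPT unset or IPT=echo prints them (dry run);
# IPT=iptables applies them (needs root).
emit_rules() {
    ipt=${IPT:-echo}
    kbps=$(rate_kb_per_sec "$QUOTA_MB" "$WINDOW_SEC")

    # 1. Byte throttle. Every packet from a source to the port (not just
    #    --state NEW) is charged against that source's bucket. hashlimit is
    #    a token bucket: a client may send up to the burst (one window's
    #    worth) at once, is then held to the average rate, and packets
    #    above the rate are dropped. Idle entries expire after one window.
    $ipt -A INPUT -p tcp --dport "$PORT" \
        -m hashlimit --hashlimit-name WS_BYTES --hashlimit-mode srcip \
        --hashlimit-above "${kbps}kb/s" --hashlimit-burst "${QUOTA_MB}mb" \
        --hashlimit-htable-expire "$(( WINDOW_SEC * 1000 ))" \
        -j DROP

    # 2. The poster's existing connection-rate limit, unchanged.
    $ipt -A INPUT -p tcp --dport "$PORT" -m state --state NEW \
        -m recent --set --name WEBSOCKET --rsource
    $ipt -A INPUT -p tcp --dport "$PORT" -m state --state NEW \
        -m recent --update --seconds 60 --hitcount 10 --name WEBSOCKET --rsource -j DROP
    $ipt -A INPUT -p tcp --dport "$PORT" -m state --state NEW -j ACCEPT
}

emit_rules
```

Two caveats a practitioner will care about. First, this is a throttle, not a hard fixed-window quota: hashlimit counts IP-layer bytes (headers, ACKs and retransmits included) against a token bucket, so a client gets roughly 5 MB of burst and then an average of about 85 kB/s, and dropped TCP segments are retransmitted rather than the connection being cut off. Second, the byte rule only works if it actually sees the traffic: a typical ruleset accepts ESTABLISHED packets near the top of INPUT, and any such rule placed before this one silently bypasses the byte count.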