Netgate Discussion Forum

    How to limit bandwidth for social media

    General pfSense Questions

      atul.chauhan

      Hello,

      I am looking to configure limited bandwidth for the social media category. I have tried to find a way to assign limited bandwidth to the social media category through the firewall using the traffic shaper, but didn't find any way to define a social media category.

      Please guide me.

      Thanks

        Gertjan @atul.chauhan

        @atul-chauhan said in How to limit bandwidth for social media:

        Please guide me.

        Well, you would have to create and maintain an 'alias' that contains all the IPs used by these social media.
        You could then use rules that filter on this alias.

        Your next question will be: "guide me how to find all these IPs".
        That question is answered many (no .. more!) times already.
        Look at the "squid" sub forum for suggestions.

        Keep in mind: the collection "social media" is undefined and huge. Even better: these IPs change all the time.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          atul.chauhan @Gertjan

          @Gertjan Thanks for your reply but is it possible to go with DNS instead of IP?

            Gertjan

            ?
            Because you think you can put in something like
            yahoo.com
            facebook.com
            google.com
            twitter.com

            in an alias and that these will get resolved to all possible IPs?
            Well ... no.
            (try it out for yourself ..)

            Btw: firewalls don't work with URLs, only IPv4 and IPv6.

              atul.chauhan @Gertjan

              @Gertjan Understood. Do you know how I can use AS information in firewall rules?

                Gertjan

                From what I understood, this package can deal with AS.

                  Kirby30

                  Yes, agreed, it deals with AS.

                    atul.chauhan @Gertjan

                    @Gertjan By "understood" I mean I understand your point related to DNS. Can you guide me on how I can use AS in firewall rules?

                      Gertjan

                      @atul-chauhan I never needed to block someone from visiting some site.
                      So, what I know is what I read on this forum, experiences from other users.

                        stephenw10 Netgate Administrator

                        pfBlocker can deal with AS numbers and create aliases from the lists of IPs. Then you can use those aliases in firewall rules.

                        pfBlocker will handle updating the aliases periodically. For example:

                        [Image: Selection_667.png]

                        Steve

                          atul.chauhan @stephenw10

                          @stephenw10 Thanks for the reply. I have created an alias in pfBlocker IPv4 and added it in the firewall. It fetches the list of IPs but is not forwarding traffic from the defined gateway. Hence if I trace the host I can see the IP in the pfBlocker alias list.

                            stephenw10 Netgate Administrator

                            Um... not sure I understand. What are you trying to achieve? Sending traffic through a Limiter?

                            Can we see screenshots?

                            Steve

                              atul.chauhan @stephenw10

                              @stephenw10 I have created an alias in IPv4 and created a firewall rule for the alias, sending traffic through a specific gateway. But it is not working, hence the alias fetches the list of IPs and those are fine.
                              [Image: 5ddcbebb-f20d-40d5-b0a4-522ab84b5e70-image.png]

                                stephenw10 Netgate Administrator

                                How are you testing? Are the states not going through that using IPs that appear in the Alias?

                                If not then the ASNs don't contain them so you will need to add more.

                                Steve

                                  atul.chauhan @stephenw10

                                  @stephenw10 To test the gateway I am doing tracert for the domain and IPs. I can see the IPs listed in the alias list, but sometimes the request routes from a different gateway.

                                    stephenw10 Netgate Administrator

                                    If the IPs you're testing to are in the list then they should always go via the specified gateway as long as some other pass rule isn't catching them first.
                                    The only time that might not happen is if a firewall already exists via another gateway. If you tested then added the firewall rule then immediately tested again without clearing the states for example.

                                    Steve

                                      atul.chauhan @stephenw10

                                      @stephenw10 Below is an image of my firewall configuration. Please help me find out if I did anything wrong.
                                      [Image: 72f22e86-9f10-44b2-8c51-538d4fd4fa9c-image.png]

                                        stephenw10 Netgate Administrator

                                        Ah, your rule is TCP only so traceroute won't be caught by it. Set it to any ipv4 protocol.

                                        Steve
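
The diagnosis above, as an added example that is not part of the original thread and is not pfSense code: a simplified first-match model of interface rules showing why a TCP-only policy-routing rule misses traceroute probes (ICMP from Windows tracert, UDP from a default Unix traceroute) and why an earlier pass rule can catch the traffic first. The alias contents, the gateway name `WAN2_GW` and all function names are constructed placeholders.

```python
# Added illustration (not pfSense code): simplified first-match evaluation of
# interface rules using an ASN-derived alias and a policy-routing gateway.
import ipaddress
from dataclasses import dataclass

# Constructed sample data: documentation prefixes stand in for ASN networks.
ALIAS_SOCIAL = [ipaddress.ip_network(n)
                for n in ("203.0.113.0/24", "198.51.100.0/25")]

@dataclass
class Rule:
    proto: str      # "tcp", "udp", "icmp" or "any"
    dst: list       # networks to match; empty list means any destination
    gateway: str    # hypothetical gateway name; "default" = routing table

def route(rules, proto, dst_ip):
    """Return the gateway of the first rule matching protocol and destination."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        proto_ok = r.proto in ("any", proto)
        dst_ok = not r.dst or any(ip in net for net in r.dst)
        if proto_ok and dst_ok:
            return r.gateway
    return None  # no pass rule matched, so the packet is not passed

def ruleset(policy_proto):
    """Policy-routing rule for the alias, followed by a catch-all pass rule."""
    return [Rule(policy_proto, ALIAS_SOCIAL, "WAN2_GW"),
            Rule("any", [], "default")]

def probe(rules, dst_ip):
    """Gateway used by a TCP flow, an ICMP trace and a UDP trace to dst_ip."""
    return {p: route(rules, p, dst_ip) for p in ("tcp", "icmp", "udp")}

if __name__ == "__main__":
    for label, proto in (("TCP-only rule", "tcp"), ("any-protocol rule", "any")):
        print(label, probe(ruleset(proto), "203.0.113.10"))
    # An address outside the alias always follows the catch-all rule.
    print("outside alias", probe(ruleset("any"), "198.51.100.200"))
    # Rule order: a catch-all placed first wins before the policy rule is seen.
    print("catch-all first", probe(ruleset("any")[::-1], "203.0.113.10"))
```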

                                          jdeloach @atul.chauhan

                                          This post is deleted!

                                            atul.chauhan @stephenw10

                                            @stephenw10 Thanks, that works. This is such a big help. This is what I have been trying to achieve for a few days. Thanks a lot, Stephenw.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.