Jane
Resolved
0 votes
Good day

I’m a newbie at this, but very keen on learning more about how rules, or scripts within the rules, are applied to the firewall to achieve various different results.
I installed and configured ClearOS Community Edition on a physical PC with enough resources.

My end goal is to achieve the following but I don’t know where to start.
I would really like some help with achieving my goal.

So here goes, my wish list, or challenge if you may.

1. I have a capped home data bundle of 50GB per month from my ISP.
2. I have 12 devices that share this 50GB of capped data per month. Not all the devices are connected at any one given time. There is a possibility of about 4 devices being connected at any one given time.

Case 1

3. I would like to set a monthly limit, of say 4GB per device, preferably by mac address.
4. I would like to set a daily limit, of say 250 MB per device, preferably by mac address.
5. Whenever any limit is reached or exceeded, all internet access needs to be stopped for that device, until that limit is reset. i.e. daily limit is reset the next day at 00:05, or the monthly limit reset on the first day of the new month at 00:05.
6. I would like to see a report of data usage per device, preferably by mac address.

Case 2

7. I would like to set a monthly limit, of say 8GB per user, I have 6 users in my family. The users can then use any device as their data usage will now be monitored or capped using their user name.
8. I would like to set a daily limit, of say 300MB per user, I have 6 users in my family. The users can then use any device as their data usage will now be monitored or capped using their user name.
9. Whenever any limit is reached or exceeded, all internet access needs to be stopped for that user, until that limit is reset. i.e. daily limit is reset the next day at 00:05, or the monthly limit reset on the first day of the new month at 00:05.
10. I would like to see a report of data usage per user.


I would appreciate the help with the above as I’m just a beginner when it comes to scripts and think that the above will make use of scripts.
I would like to see a solution for both cases, I think it will be a good learning experience for me to try and understand how the rules work in different scenarios.

I have an LTE wireless router that receives the internet from my ISP. I’ve disabled the DHCP and wireless broadcast on this router and wired it to the ClearOS router (PC) NIC. I’ve used the second NIC on the ClearOS router (PC) as a DHCP server and this is wired to another wireless router. This router is configured as an AP only. All my devices are connecting to the internet via this router.

My intention is to use the ClearOS router (PC) to monitor and limit the data usage of my family members and have a report thereof.
Monday, September 17 2018, 01:29 PM
Responses (2)
  • Accepted Answer

    Saturday, October 20 2018, 08:05 AM - #Permalink
    Resolved
    0 votes
    I am not sure about monitoring the firewall. The logs are huge and you may hit rate monitoring issues if the logs come too fast. Rsyslog will suppress the logs if that happens. Make sure you split them out into a separate log file (use rsyslog) and remember to set up a logrotate function for it. I am not sure if it monitors packet size unless that is what the LEN field is. The good thing is that if you script it you can ignore local traffic. What about programs like ntop, or google "monitor traffic by ip linux" for lots of ideas.
  • Accepted Answer

    Saturday, October 20 2018, 06:06 AM - #Permalink
    Resolved
    0 votes
    I also have the same issue!

    I wish to limit the daily data usage so any one user doesn't use it all up.
    There are four in our family and each member has 2-3 devices.
    There are a range of operating systems and packaged apps in play (iOS, Windows, Linux) so user authentication isn't possible and I would prefer a transparent setup.
    I would like to be able to define each user by a range of IPs (statically allocated to each MAC in DHCP) and would like to then limit each user/device group.

    I imagined logging all successful firewall traffic and running a script every 5 minutes to summarise the data usage and inserting a DENY rule for the offending IPs when the quota limit has been breached.
    Each night a cron job would put back the original set of firewall rules, thus re-enabling access for the next day.

    I would like a daily report of summarised usage per user/device group sorted by data volume so each family member can see what they used the most data on.
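The log-summarising approach discussed in the two replies above, as an added example that is not part of the original thread: it parses iptables LOG lines, skips local traffic, and totals bytes per user/device group. In the kernel's LOG output the first `LEN=` is the IP packet's total length in bytes (UDP lines carry a second `LEN=` for the UDP length). Assumptions: the `FW-ACCT` log prefix, the LAN subnet, and the user names and IP ranges are hypothetical, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the kernel's iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Oct 20 06:00:01 gw kernel: FW-ACCT IN=eth1 OUT=eth0 SRC=192.168.1.17 DST=203.0.113.10 LEN=1500 TTL=63 PROTO=TCP SPT=51512 DPT=443
Oct 20 06:00:01 gw kernel: FW-ACCT IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=192.168.1.17 LEN=1400 TTL=52 PROTO=TCP SPT=443 DPT=51512
Oct 20 06:00:02 gw kernel: FW-ACCT IN=eth1 OUT=eth0 SRC=192.168.1.21 DST=198.51.100.5 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123 LEN=56
Oct 20 06:00:03 gw kernel: FW-ACCT IN=eth1 OUT=eth1 SRC=192.168.1.17 DST=192.168.1.21 LEN=9000 TTL=64 PROTO=TCP SPT=445 DPT=50000
Oct 20 06:00:04 gw kernel: FW-ACCT IN=eth1 OUT=eth0 SRC=192.168.1.18 DST=203.0.113.10 LEN=600 TTL=63 PROTO=TCP SPT=40000 DPT=80
Oct 20 06:00:05 gw rsyslogd: unrelated line without packet fields
"""

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN subnet
GROUPS = {                                     # hypothetical users and their static DHCP ranges
    "alice": ipaddress.ip_network("192.168.1.16/30"),
    "bob": ipaddress.ip_network("192.168.1.20/30"),
}
FIELD = re.compile(r"\b(SRC|DST|LEN)=(\S+)")

def parse_line(line):
    """Return (src, dst, ip_len) or None for lines that are not packet logs."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)   # keep the first LEN= (IP length), not the UDP one
    try:
        return ipaddress.ip_address(fields["SRC"]), ipaddress.ip_address(fields["DST"]), int(fields["LEN"])
    except (KeyError, ValueError):
        return None

def usage_by_group(lines):
    """Sum logged IP bytes (both directions) per group, skipping LAN-to-LAN traffic."""
    totals = defaultdict(int)
    for src, dst, length in filter(None, map(parse_line, lines)):
        if (src in LAN) == (dst in LAN):
            continue                    # purely local, or not involving the LAN at all
        lan_ip = src if src in LAN else dst
        name = next((g for g, net in GROUPS.items() if lan_ip in net), f"unassigned:{lan_ip}")
        totals[name] += length
    return dict(totals)

def report(totals):
    """Groups sorted by data volume, largest first."""
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def over_quota(totals, quota_bytes):
    """Groups whose total has reached the quota: candidates for a block rule."""
    return sorted(name for name, used in totals.items() if used >= quota_bytes)
```

If rsyslog drops lines under load, as the first reply warns, these totals undercount real usage. Adding and removing the block rule for the groups returned by `over_quota` is left to the firewall's own tooling.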