Shaping Outbound Traffic to Control Download Speeds with Linux

You should be able to rate limit TCP connections. If the remote servers are obeying TCP packet transmit and receive rules, then you should be able to rate limit to avoid a DoS.

I've had good success with HTB http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm

If you're more familiar with Cisco, then you could implement a QoS policy on your gateway rather than on the server itself.

Using QoS is a better solution than iptables --limit; it makes sure that available bandwidth is used effectively. No streams will be starved and each will be treated fairly.

HTB is quite advanced; you can use some of the other QoS methods first to get a handle on how QoS works. It's easy to write QoS rules, but it's much harder to prove they are actually doing what you want in all use cases.
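As an added example, not part of the original answer, here is the HTB setup described above as a shell script: a root HTB qdisc on the server's egress interface, one class for downloads with a guaranteed rate and a ceiling, a default class for everything else, SFQ leaves so flows inside a class share fairly, and a u32 filter that classifies by source port. The interface name (eth0), the link speed, the rates and the download service being TCP port 80 are all assumptions; the DRY_RUN switch just prints the tc commands so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the original answer: HTB egress shaping on the
# server's own interface. Interface name, link speed, rates and the
# download port are assumptions; adjust them to the real host.
IFACE="${IFACE:-eth0}"
LINK_RATE="${LINK_RATE:-100mbit}"   # speed of the physical link
DL_RATE="${DL_RATE:-20mbit}"        # rate guaranteed to downloads
DL_CEIL="${DL_CEIL:-30mbit}"        # how far downloads may borrow when the link is idle
REST_RATE="${REST_RATE:-80mbit}"    # guaranteed to everything else (DL_RATE + REST_RATE <= LINK_RATE)
DL_PORT="${DL_PORT:-80}"            # TCP source port of the download service

# run: execute a command, or only print it when DRY_RUN is set, so the
# generated tc rules can be reviewed without root or a real interface.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

shape_clear() {
    # Drop any existing root qdisc; ignore the error when there is none.
    run tc qdisc del dev "$IFACE" root 2>/dev/null || true
}

shape_apply() {
    shape_clear
    # Root HTB qdisc. Traffic that matches no filter goes to class 1:20.
    run tc qdisc add dev "$IFACE" root handle 1: htb default 20
    # One parent class at link speed, so the children can borrow from it.
    run tc class add dev "$IFACE" parent 1: classid 1:1 htb rate "$LINK_RATE" ceil "$LINK_RATE"
    # Downloads: DL_RATE guaranteed, may borrow up to DL_CEIL; lower priority
    # than the rest so interactive traffic is served first when both compete.
    run tc class add dev "$IFACE" parent 1:1 classid 1:10 htb rate "$DL_RATE" ceil "$DL_CEIL" prio 1
    # Everything else: REST_RATE guaranteed, may borrow the whole link.
    run tc class add dev "$IFACE" parent 1:1 classid 1:20 htb rate "$REST_RATE" ceil "$LINK_RATE" prio 0
    # SFQ leaves give each flow inside a class a fair share instead of FIFO.
    run tc qdisc add dev "$IFACE" parent 1:10 handle 10: sfq perturb 10
    run tc qdisc add dev "$IFACE" parent 1:20 handle 20: sfq perturb 10
    # Classify outbound TCP with source port DL_PORT into the download class.
    run tc filter add dev "$IFACE" parent 1: protocol ip prio 1 u32 \
        match ip protocol 6 0xff match ip sport "$DL_PORT" 0xffff flowid 1:10
}

shape_status() {
    # Per-class counters: the quickest way to see whether bytes really land
    # in 1:10 (filter matches) or all end up in the default class 1:20.
    run tc -s class show dev "$IFACE"
}

case "${1:-}" in
    apply)  shape_apply ;;
    clear)  shape_clear ;;
    status) shape_status ;;
    *) echo "usage: $0 apply|clear|status   (set DRY_RUN=1 to print the tc commands instead)" >&2 ;;
esac
```

Run it with `DRY_RUN=1 ./shape.sh apply` first to read the rules, then as root without DRY_RUN on the real interface, and check `./shape.sh status` while a download is in progress: if the byte counters of class 1:10 stay at zero, the filter is not matching and everything is being shaped by the default class, which is exactly the "hard to prove it does what you want" problem the answer warns about. This only shapes what the server itself sends; it cannot slow down what remote hosts push toward it.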


I think you could use iptables with "--limit", or maybe hashlimit (or with recent --seconds --hitcount). [Of course only as a temporary solution.]
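As an added example, not part of the original answer, here are the three iptables options it names as a shell script: a global `--limit` bucket, a per-destination `hashlimit` bucket for the outbound data rate, and a `recent --seconds --hitcount` pair that caps new connections per source. The interface (eth0), the download port (80) and every rate number are assumptions that need tuning for the real link; DRY_RUN prints the rules instead of applying them so they can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the original answer: the iptables stop-gap with
# limit, hashlimit and recent. Interface, port and the rate numbers are
# assumptions; they must be tuned to the real link and workload.
IFACE="${IFACE:-eth0}"
DL_PORT="${DL_PORT:-80}"
CLIENT_RATE="${CLIENT_RATE:-1000/second}"  # packets/s allowed per destination IP (hashlimit)
TOTAL_RATE="${TOTAL_RATE:-5000/second}"    # packets/s allowed for all clients together (limit)
PKT_BURST="${PKT_BURST:-400}"              # token bucket depth for both matches
CONN_WINDOW="${CONN_WINDOW:-60}"           # seconds watched by the recent match
CONN_HITS="${CONN_HITS:-10}"               # new connections per source in that window

# run: execute a command, or only print it when DRY_RUN is set, so the
# rules can be reviewed without root.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Outbound data rate. All rules go into one user chain so they can be
# removed as a unit without touching the rest of OUTPUT. Both matches are
# shown for comparison; in practice keep the one you need.
limit_apply() {
    run iptables -N DLRATE
    run iptables -A OUTPUT -o "$IFACE" -p tcp --sport "$DL_PORT" -j DLRATE
    # hashlimit keeps one token bucket per destination IP: a client pulling
    # faster than CLIENT_RATE has its excess packets dropped, others are untouched.
    run iptables -A DLRATE -m hashlimit --hashlimit-name dlrate \
        --hashlimit-mode dstip --hashlimit-above "$CLIENT_RATE" \
        --hashlimit-burst "$PKT_BURST" -j DROP
    # Plain --limit is a single global bucket with no per-client state:
    # whatever exceeds it, from any client, falls through to the final DROP.
    run iptables -A DLRATE -m limit --limit "$TOTAL_RATE" --limit-burst "$PKT_BURST" -j RETURN
    run iptables -A DLRATE -j DROP
}

# Connection rate rather than data rate: the --set rule (no target, so the
# packet continues) records every new connection per source; the --update
# rule drops a source seen at least CONN_HITS times within CONN_WINDOW seconds.
limit_new_conns() {
    run iptables -A INPUT -i "$IFACE" -p tcp --dport "$DL_PORT" \
        -m conntrack --ctstate NEW -m recent --name dlconn --set
    run iptables -A INPUT -i "$IFACE" -p tcp --dport "$DL_PORT" \
        -m conntrack --ctstate NEW -m recent --name dlconn \
        --update --seconds "$CONN_WINDOW" --hitcount "$CONN_HITS" -j DROP
}

limit_clear() {
    run iptables -D OUTPUT -o "$IFACE" -p tcp --sport "$DL_PORT" -j DLRATE
    run iptables -F DLRATE
    run iptables -X DLRATE
}

case "${1:-}" in
    apply)  limit_apply ;;
    conns)  limit_new_conns ;;
    clear)  limit_clear ;;
    *) echo "usage: $0 apply|conns|clear   (set DRY_RUN=1 to print the rules instead)" >&2 ;;
esac
```

The rates here are in packets, which is what `limit` and `hashlimit` count by default (with MTU-sized segments, 1000 packets/s is roughly 1.5 MB/s; newer hashlimit versions also accept byte rates). The caveat that makes this a temporary fix is visible in the rules themselves: everything over the bucket is dropped, not queued, so TCP backs off and retransmits instead of being paced, which is the unevenness that a queueing discipline like HTB avoids.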