Page MenuHomePhabricator

bandwidth quota per Whonix-Workstation traffic feature
Open, NormalPublic

Description

Optional feature for limiting how much traffic a Whonix-Workstation may use in total per month.

Not very Whonix specific. Probably just missing documentation on how to do that with any proxy server for any client.

Event Timeline

Patrick created this task.Mar 19 2015, 7:13 PM
Patrick updated the task description. (Show Details)
Patrick raised the priority of this task from to Normal.

Can be done on gw with the iptables quota feature:
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.13

The only reliable way to do this is on an interface basis because a malicious workstation can spoof it's IP and bypass rules based on that.

This will then need gw to support managing multiple internal networks/interfaces.

Can be done on gw with the iptables quota feature:
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.13

Command works in Debian wheezy, although I didn't test yet if it stops if the actual quota is hit.

Adding such rules in the right place could be cumbersome. So alternative solutions are still welcome.

This will then need gw to support managing multiple internal networks/interfaces.

Not necessarily, but somewhat, yes. -> T242

The only reliable way to do this is on an interface basis because a malicious workstation can spoof it's IP and bypass rules based on that.

There are also other ways. These are documented here:
https://www.whonix.org/wiki/Connections_between_Whonix-Gateway_and_Whonix-Workstation
If you wish to discuss those, please open [and link] a new forum thread[s] or new ticket[s].