Software to set a hotspot quota

[lochie600]

Hi all,
I'm in the process of planning a wlan rollout. Due to limited internet access over satellite I need a way to limit download/upload quota on a public wifi hotspot. I would like to limit clients from downloading/uploading over 150MB per 24 hours.

Any ideas for software I can use? I will be running ubiquiti gear but their wireless controller will not let me do that...

 

[hydranix]

First, this: https://www.theregister.co.uk/2017/03/16/ubiquiti_networking_php_hole/

Beware...


I'm suspecting that their gear runs Linux, based on some very brief and limited (google-ing for 3 minutes) research.

Apparently an admin on their forums says that the quota module for iptables/netfilter is included in the kernel that their gear runs.

If you can get a Linux shell or similar interface to the router or access point that all your user's data directly passes through, you can use iptables/netfilter rules to enforce quotas.


Here's an example of super basic quota using iptables. Youll obviously have much more complex rules for your network and it's layout.

# Load iptables quota module if it's not builtin
modprobe ipt_quota

# add first rule to iptables that ACCEPTS 1024(kb) of data out on tcp port 80
iptables -A OUTPUT -p tcp --dport 80 -m quota --quota 1024 -j ACCEPT

# add next rule that when the quota is reached will be checked by iptablesa
# once quota is reached, this rule will DROP all data out on tcp port 80
iptables -A OUTPUT -p tcp --dport 80 -j DROP

 

[lochie600]

First, this: https://www.theregister.co.uk/2017/03/16/ubiquiti_networking_php_hole/

Beware...


I'm suspecting that their gear runs Linux, based on some very brief and limited (google-ing for 3 minutes) research.

Apparently an admin on their forums says that the quota module for iptables/netfilter is included in the kernel that their gear runs.

If you can get a Linux shell or similar interface to the router or access point that all your user's data directly passes through, you can use iptables/netfilter rules to enforce quotas.


Here's an example of super basic quota using iptables. Youll obviously have much more complex rules for your network and it's layout.

# Load iptables quota module if it's not builtin
modprobe ipt_quota

# add first rule to iptables that ACCEPTS 1024(kb) of data out on tcp port 80
iptables -A OUTPUT -p tcp --dport 80 -m quota --quota 1024 -j ACCEPT

# add next rule that when the quota is reached will be checked by iptablesa
# once quota is reached, this rule will DROP all data out on tcp port 80
iptables -A OUTPUT -p tcp --dport 80 -j DROP

Thanks for your reply. Unfortunately I want a easily accessible interface as I will most likely be only setting the network up. Not maintaining it. FYI I had another site which potentially had the php flaw which has been upgraded.

 

[hydranix]

Thanks for your reply. Unfortunately I want a easily accessible interface as I will most likely be only setting the network up. Not maintaining it. FYI I had another site which potentially had the php flaw which has been upgraded.

Sorry for the late reply.

As I remember, the company that provides the software which runs on your network equipment does not have any easy gui interface to configure quota policies.

They have said to use iptable/netfilter (features of the Linux kernel) to enforce quotas. They provide no guide or information on how that is done, so I provided an example to point you in the right direction.


FYI, if you want to get your gear running the way you want, you will have to do some configuring through a remote terminal. If you've never used a terminal ("command prompt") before, it might feel intimidating, but trust me, it is much easier than it seems, and the software writers behind the shells have spent thousands of hours designing and coding them for people exactly in your position.