Quota problem router stop

Amrassad1000 · June 4, 2022, 6:24pm

Hi there,

I have tried to set quota for some of my devices in my network
it was like that

iptables -t mangle -A OUTPUT -s 192.168.2.10 -p tcp -m quota --quota 2684354560 -j ACCEPT
iptables -t mangle -A OUTPUT -s 192.168.2.10 -j DROP

iptables -t mangle -A OUTPUT -s 192.168.2.11-p tcp -m quota --quota 2684354560 -j ACCEPT
iptables -t mangle -A OUTPUT -s 192.168.2.11 -j DROP

iptables -t mangle -A OUTPUT -s 192.168.2.12 -p tcp -m quota --quota 2684354560 -j ACCEPT
iptables -t mangle -A OUTPUT -s 192.168.2.12 -j DROP

but suddenly router stop and no internet over WIFI or ethernet and Icould not communicate to my router and I had to reset it
can any one help me what is wrong
thanks.

lleachii · June 4, 2022, 6:30pm

You set a quota and it worked, what's the issue?

Do you want to reset these quotas after a time period (e.g. daily)?

Amrassad1000 · June 4, 2022, 6:36pm

I have set this quota for only three devices but
not for all my devices
all devices not in the quota are stopped too

trendy · June 4, 2022, 8:50pm

You have set the rule in OUTPUT, but you want to block FORWARD?

Amrassad1000 · June 5, 2022, 7:48am

thanks for your replay can you help me fot this rules
iptables -A FORWARD -s 192.168.2.14 -m time --timestart 10:00 --timestop 20:00 -j ACCEPT

iptables -A FORWARD -s 192.168.2.14 -j DROP
i want to allow traffic from 10 am to 8 pm only
but it did not work
what is wrong in the rules
thanks.

Amrassad1000 · June 5, 2022, 8:51am

I have tired to write the rules in new way and it is worked
but i do not why
the new way rules are
iptables -A forwarding_rule -s 192.168.2.14 -m time --timestart 8:00 --timestop 8:30 -j ACCEPT
iptables -A forwarding_rule -s 192.168.2.14 -j DROP

trendy · June 5, 2022, 9:13am

Because you added the first set of rules at the bottom and traffic was matched and allowed before reaching the time rules.

Amrassad1000 · June 5, 2022, 9:47am

Sorry but I do not understand you
i have attached pic how the rules are

what is the wrong
thanks for your help

trendy · June 5, 2022, 3:55pm

Do a iptables-save -c -t filter and I'll show you.

lleachii · June 6, 2022, 1:45pm

You were told:

I believe you want to to use the Insert argument (-I) instead of Append (-A).

See: https://ipset.netfilter.org/iptables.man.html regarding the -I and -A arguments.