Why don't you just lock his machine outright when you need the pipe? He's only your little brother, after all, you can take advantage.
If you want to split your traffic PRECISELY in two, you need a real QoS solution.
Otherwise, there are other iptables options among the match modules, if you know what's eating your bandwidth:
[quote] connbytes
Match by how many bytes or packets a connection (or one of the two flows constituting the connection) have transferred so far, or by average bytes per packet.[/quote]
[quote] connlimit
Allows you to restrict the number of parallel TCP connections to a server per client IP address (or address block).
(…)
# limit the nr of parallel http requests to 16 per class C sized network (24 bit netmask)
iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT[/quote]
[quote] connrate
This module matches the current transfer rate in a connection.
--connrate [!] [from]:[to]
Match against the current connection transfer rate being within 'from' and 'to' bytes per second. When the "!" argument is used before the range, the sense of the match is inverted.[/quote]
[quote] limit
This module matches at a limited rate using a token bucket filter. A rule using this extension will match until this limit
is reached (unless the `!' flag is used). It can be used in combination with the LOG target to give limited logging, for
example.
--limit rate
Maximum average matching rate: specified as a number, with an optional `/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour.
--limit-burst number
Maximum initial number of packets to match: this number gets recharged by one every time the limit specified above
is not reached, up to this number; the default is 5.
[/quote]
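
The `--limit` / `--limit-burst` behaviour quoted above, as an added example that is not part of the original post or of iptables itself: a simplified token-bucket model showing which packets a `-m limit` rule would match over time. The names `parse_rate`, `LimitMatch` and `simulate` are hypothetical, the arrival times are constructed, and the kernel's own credit accounting is not reproduced here.

```python
from fractions import Fraction

# Seconds per unit for the suffixes the quoted text lists for --limit.
UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_rate(spec):
    """Convert a --limit value such as '3/hour' to matches per second."""
    number, _, unit = spec.partition("/")
    # Assumption of this model: a value with no suffix means per second.
    seconds = UNIT_SECONDS[unit or "second"]
    return Fraction(int(number), seconds)


class LimitMatch:
    """Simplified token bucket for '-m limit' (hypothetical helper)."""

    def __init__(self, limit="3/hour", burst=5):
        self.rate = parse_rate(limit)      # tokens regained per second
        self.burst = burst                 # bucket capacity (--limit-burst)
        self.tokens = Fraction(burst)      # the bucket starts full
        self.last = 0                      # time of the previous packet

    def matches(self, now):
        """Return True if a packet arriving at 'now' (seconds) matches."""
        elapsed = now - self.last
        self.last = now
        # Refill for the idle time, never above the burst size.
        self.tokens = min(Fraction(self.burst), self.tokens + elapsed * self.rate)
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def simulate(arrivals, limit="3/hour", burst=5):
    """Run constructed arrival times (seconds, ascending) through the match."""
    rule = LimitMatch(limit, burst)
    return [rule.matches(t) for t in arrivals]


if __name__ == "__main__":
    # Constructed sample: 10 packets one second apart, then three late ones.
    arrivals = list(range(10)) + [1200, 1201, 2400]
    for t, hit in zip(arrivals, simulate(arrivals)):
        print(f"t={t:>5}s  {'match' if hit else 'no match (limit reached)'}")
```

With the defaults (3/hour, burst 5) the first five packets match, the rest of the burst does not, and one further match becomes available every 1200 seconds.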