/etc/bwctl/bwctld.limits is in bwctl-server 1.5.4+dfsg1-1build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 | # This is an EXAMPLE "limits" file for the bwctld process.
#
# You SHOULD change this to meet the requirements for your local
# deployment needs!
#
# This example configuration allows Abilene measurement hosts to run
# tests to your server, but will not allow you to run tests to your own
# hosts. This is intentional so you will have to look at this file and
# modifiy it.
#
#
# Basics:
# Almost the same as owampd - with the following limit types defined:
#
# parent - specified which limit to inherit settings from
# bandwidth - Sets the maximum UDP bandwidth
# duration - Sets the maximum duration for tests
# allow_open_mode - Allows unauthenticated users
# allow_tcp - Allows for TCP tests
# allow_udp - Allows for UDP tests
# max_time_error - Sets the maximum time offset that the server will accept
# minimum_ttl - Sets the minimum TTL for traceroute tests
#
# setup the root node with max bandwidth as open as possible.
# Super-user access
limit root with \
bandwidth=900m, \
duration=60, \
allow_udp=on, \
allow_tcp=on, \
allow_open_mode=on, \
max_time_error=20
# Disable UDP tests for non-authorized users. Unspecified values default to
# parent permissions
limit regular with parent=root, \
allow_udp=off
# minimal everything
# send hackers and bad nets here
limit jail with parent=root, \
bandwidth=1, \
duration=1, \
allow_udp=off, \
allow_tcp=off, \
allow_open_mode=off
# Default everything to regular user access
# this allows TCP for up to 60 seconds and
# no UDP tests
assign default regular
# hacker and BBI networks
# this shows a 172.16 private address block being
# prohibited
# see RFC 1918 for a descripton of private address blocks
assign net 172.16.10.0/24 jail
# localhost (and any other hosts you completely trust)
# (might as well trust localhost, the user could run iperf directly...)
assign net 127.0.0.1/32 root
assign net ::1/128 root
|