Connbytes iptables match

26.6.2002 several people reported broken patch. Yes ipt_connbytes.h was missing. It is hopefuly repired now.
22.4.2003 Nikolaj Fogh have made kernel patch against 2.4.20. See below.

2.2.2004 Patch for 2.4.24 from Kovarththanan Rajaratnam is here. No time to write long story. Here is content of Readme:

The connbytes patch adds new match to the iptables. New
field is added to the conntrack structure so that we can 
count transfered bytes per connection.
The counter is limited to value 0xffff0000. Thus it can't
overflow and also can't measure more than 4GBytes.

The primary usage is to detect long-lived download connections
(often HTTP/FTP/SMTP/NNTP or SCP) and mark them to be scheduled
using lower priority band in Traffic Control.

I also patched /proc/net/ip_conntrack output so that bytes are
displayed here too.

Apply the patches to kernel tree and iptables userspace
tool tree, recompile and install.

Example of usage:
 iptables -A INPUT -m connbytes --connbytes 10000:100000 -j DROP

Syntax:

[!] --connbytes FROM:[TO]
It will match packets from connection which transfered more
than FROM and less than TO bytes. If TO is ommited then only
FROM check is done. "!" is used to select packets not belonging
to range above.

devik@cdi.cz

And here is download: connbytes-1.0a-patches.tgz. this patch is against 2.4.17 kernel and 1.2.4 iptables userspace tool.

For 2.4.20 use iptables tool patch from above plus this kernel patch.