path: root/extensions
diff options
authorJan Engelhardt <>2008-08-15 22:13:57 +0200
committerPablo Neira Ayuso <>2008-08-15 22:13:57 +0200
commita47bb4a9fa24db2f3ba6559c9175f3f1144ee74c (patch)
treefbf3cfebc9bddaefde490911cc8e315febd49df8 /extensions
parent7d0917b8f94ffc9dd236799cff86e80daf5dd340 (diff)
manpages: add missing rateest match documentation
Signed-off-by: Jan Engelhardt <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'extensions')
1 files changed, 55 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
new file mode 100644
index 00000000..6d32d51d
--- /dev/null
+++ b/extensions/
@@ -0,0 +1,55 @@
+The rate estimator can match on estimated rates as collected by the RATEEST
+target. It supports matching on absolute bps/pps values, comparing two rate
+estimators and matching on the difference between two rate estimators.
+\fB--rateest1\fP \fIname\fP
+Name of the first rate estimator.
+\fB--rateest2\fP \fIname\fP
+Name of the second rate estimator (if difference is to be calculated).
+Compare difference(s) to given rate(s)
+\fB--rateest1-bps\fP \fIvalue\fP
+\fB--rateest2-bps\fP \fIvalue\fP
+Compare bytes per second.
+\fB--rateest1-pps\fP \fIvalue\fP
+\fB--rateest2-pps\fP \fIvalue\fP
+Compare packets per second.
+[\fB!\fP] \fB--rateest-lt\fP
+Match if rate is less than given rate/estimator.
+[\fB!\fP] \fB--rateest-gt\fP
+Match if rate is greater than given rate/estimator.
+[\fB!\fP] \fB--rateest-eq\fP
+Match if rate is equal to given rate/estimator.
+Example: This is what can be used to route outgoing data connections from an
+FTP server over two lines based on the available bandwidth at the time the data
+connection was started:
+# Estimate outgoing rates
+iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0
+--rateest-interval 250ms --rateest-ewma 0.5s
+iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0
+--rateest-interval 250ms --rateest-ewma 0.5s
+# Mark based on available bandwidth
+iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper ftp
+-m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit --rateest-gt
+--rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1
+iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper ftp
+-m rateest --rateest-delta --rateest1 ppp0 --rateest-bps1 2mbit --rateest-gt
+--rateest2 eth0 --rateest-bps2 2.5mbit -j CONNMARK --set-mark 2
+iptables -t mangle -A balance -j CONNMARK --restore-mark