Requires Linux kernel 5.2 or later.
Run with root privileges:
systemctl enable iptables
systemctl start iptables
systemctl status iptables
Assume cgroup v2 is already enabled and the cgroup mount point is /sys/fs/cgroup.
[root@bogon ~]# cd /sys/fs/cgroup/
[root@bogon cgroup]# pwd
/sys/fs/cgroup
[root@bogon cgroup]# mkdir yz
[root@bogon cgroup]# mkdir yz/net
[root@bogon cgroup]# chown yz:yz -R ./yz
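Run as the root user. The limit match counts packets, not bytes, so 1mb/s in the rule below is read as 1 packet per second, as the listing after it shows. Packets over the limit are not accepted by this rule and fall through to the chain policy, which is ACCEPT here.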
iptables -A INPUT -i lo -m cgroup --path yz/net -m limit --limit 1mb/s -j ACCEPT
[yz@bogon ~]$ sudo iptables -nL --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            cgroup yz/net limit: avg 1/sec burst 5

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
[yz@bogon ~]$ sudo iptables -D INPUT 1
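
An added preflight script, not part of the original notes: it checks the prerequisites stated above (kernel 5.2 or later, cgroup v2 mounted at /sys/fs/cgroup) and whether a given PID sits in yz/net, since the rule only matches traffic of processes in that cgroup. The function names are hypothetical helpers made up for this example.

```shell
#!/bin/sh
# Added example: preflight checks for the cgroup-matched iptables rule.
# All function names here are hypothetical helpers, not part of iptables.

# kernel_at_least MIN RELEASE: true if RELEASE (uname -r style) >= MIN ("5.2").
kernel_at_least() {
    min_major=${1%%.*}; min_minor=${1#*.}
    rel=${2%%-*}                          # "5.14.0-70.el9" -> "5.14.0"
    major=${rel%%.*}; rest=${rel#*.}
    minor=${rest%%[!0-9]*}                # "14.0" -> "14"
    [ "$major" -gt "$min_major" ] ||
        { [ "$major" -eq "$min_major" ] && [ "$minor" -ge "$min_minor" ]; }
}

# cgroup2_mount FILE: print the first cgroup2 mount point in a
# /proc/mounts-format file.
cgroup2_mount() {
    awk '$3 == "cgroup2" { print $2; exit }' "$1"
}

# cgroup_of FILE: print the cgroup v2 path from a /proc/PID/cgroup-format
# file, relative to the cgroup root ("0::/yz/net" -> "yz/net").
cgroup_of() {
    sed -n 's|^0::/||p' "$1"
}

# in_rule_cgroup PATH: true if PATH is yz/net or below it. Assumption: the
# cgroup match also covers descendants of the --path cgroup.
in_rule_cgroup() {
    case "$1" in yz/net|yz/net/*) return 0 ;; *) return 1 ;; esac
}

# preflight PID: check the live system against the prerequisites in the notes.
preflight() {
    kernel_at_least 5.2 "$(uname -r)" ||
        { echo "kernel older than 5.2" >&2; return 1; }
    [ "$(cgroup2_mount /proc/mounts)" = /sys/fs/cgroup ] ||
        { echo "cgroup v2 is not mounted at /sys/fs/cgroup" >&2; return 1; }
    in_rule_cgroup "$(cgroup_of "/proc/$1/cgroup")" ||
        { echo "PID $1 is not in yz/net; the rule will not match it" >&2; return 1; }
    echo "PID $1 is in yz/net"
}

# Usage: sh preflight.sh PID   (checks only run when a PID is given)
if [ $# -gt 0 ]; then preflight "$1"; fi
```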