I am setting up a scanning system for a Pentest company. The box has loads of bandwidth and I'm concerned that testers could inadvertently DoS the clients. Capping the outgoing bandwidth to 10mbps seems a reasonable balance between testing speed and avoiding a DoS. However, multiple testers will be working on separate clients, so I need the limit to be 10mbps EACH, not 10mbps total.

A reasonable approximation to this ideal is to limit traffic based on the destination /24 address. For example, traffic to 1.2.3.4 and 1.2.3.5 would both be capped in the same 10mbps "bucket" because they're both in 1.2.3.0/24. But 2.3.4.5 would be in a separate 10mbps bucket.

How can I implement this on Linux? I've read some introductory documents on tc, and it seems we need to mark packets to identify the buckets. I've seen some examples that have hardcoded IP address in the configuration. However, I'd like to do this generically, without having to reconfigure tc every time we start a new test.

paj28

1 Answer

In your case, tc won't work, because you would need to create the 2^24 = 16777216 buckets in advance.

Alternatives are a packet-per-second limit in iptables, or to implement the shaping in your software.

setenforce 1
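An added example of the iptables direction the answer points at (this is not code from the question or the answer): the xt_hashlimit match keyed on the destination address masked to /24, so each destination /24 gets its own token bucket created on demand instead of 2^24 buckets configured up front. It assumes scan traffic leaves through the OUTPUT chain, that the installed iptables/kernel support hashlimit's byte-rate mode (`--hashlimit-above <n>b/s`), and the chain name SCANCAP and table name scan-per-24 are arbitrary choices; the 10 Mbit/s figure is the question's.

```shell
#!/bin/sh
# Added example: cap outbound traffic per destination /24 with xt_hashlimit.
# Assumptions (not from the page): traffic leaves via the OUTPUT chain, the
# host's iptables/kernel support hashlimit byte-rate mode, cap is 10 Mbit/s.
# --hashlimit-mode dstip with --hashlimit-dstmask 24 makes the bucket key the
# destination address masked to /24, so 1.2.3.4 and 1.2.3.5 share a bucket
# while 2.3.4.5 gets its own, and no address has to be listed in advance.
# Note: this polices (drops packets above the rate) rather than queueing them;
# TCP-based tools back off on loss, raw UDP/ICMP scans simply lose packets.

CAP_MBIT=${CAP_MBIT:-10}            # per-/24 cap in Mbit/s (question's value)
HASH_NAME=${HASH_NAME:-scan-per-24} # hashlimit table name, arbitrary

# Convert Mbit/s to the bytes-per-second string hashlimit expects.
mbit_to_bytes_per_s() {
    # 1 Mbit/s = 1,000,000 bit/s = 125,000 byte/s
    echo "$(( $1 * 125000 ))b/s"
}

# Emit the iptables commands, one per line, without applying them.
hashlimit_rules() {
    rate=$(mbit_to_bytes_per_s "$1")
    cat <<EOF
iptables -N SCANCAP
iptables -A SCANCAP -m hashlimit --hashlimit-name $HASH_NAME --hashlimit-mode dstip --hashlimit-dstmask 24 --hashlimit-above $rate -j DROP
iptables -A SCANCAP -j RETURN
iptables -C OUTPUT -j SCANCAP 2>/dev/null || iptables -I OUTPUT -j SCANCAP
EOF
}

# Print the rules; run as root with "| sh" to apply. Tune --hashlimit-burst
# (bytes mode) and --hashlimit-htable-expire if scans are very bursty.
hashlimit_rules "$CAP_MBIT"
```

Per-bucket state can be inspected in /proc/net/ipt_hashlimit/scan-per-24 once the rule has seen traffic, which is the quickest way to confirm that the keys really are /24 networks.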