Traffic Shaping on Linux with iptables and tc — A Practical Guide

Limit bandwidth per IP or service using HTB queuing disciplines.

When one client or service eats all your bandwidth, traffic shaping is the surgical fix. Here's how to use iptables marks with tc's Hierarchy Token Bucket (HTB) to limit traffic per IP on Linux.

Traffic shaping uses two tools together: iptables to mark packets, and tc (traffic control) to apply bandwidth limits based on those marks.

The approach: create HTB (Hierarchy Token Bucket) classes with defined bandwidth limits, then use iptables to sort traffic into those classes by source IP, destination port, or protocol.

Willem used this to solve a specific problem: a Microsoft Outlook client caught in a synchronisation loop that saturated the server's upstream bandwidth. The traffic shaper limited that single client's bandwidth while leaving everything else untouched.

The beauty of HTB is hierarchy: you can guarantee minimum bandwidth to critical services while allowing burst capacity when the line is quiet.

From Willem's collection on self-hosting and server infrastructure.