I kept playing with the hashlimit rule as I am not sure what is the best setting for both protecting my full node and satisfying legitimate peers. With the current setting, the legitimate peers which have 100 Mbps link (like my bitcoin-qt), will have to wait a lot longer time to download the blocks they need.
How about 80:20 rule (or sometimes called Parreto rules)? It's good option for managing bandwidth.
Obviously 80% goes to your full nodes and you need to measure maximum/average bandwidth first.
Hi,
You might want to consider using the `-maxuploadtarget` option. From the wiki :
Tries to keep outbound traffic under the given target (in MiB per 24h), 0 = no limit (default: 0)
OP already use iptables to limit his full node client's bandwith though.