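#!/bin/sh
# Egress traffic shaping for a host with services behind a slow uplink.
#
# Outgoing packets are tagged with a firewall mark in the mangle table
# (POSTROUTING), and tc "fw" filters map each mark to an HTB class with a
# guaranteed rate. Every class may borrow up to MAXRATE (its ceil).
#
#   mark  class  guaranteed  traffic (matched by source port, i.e. packets
#                            sent by services on this side of the link)
#   10    1:10    6kbit      acks
#   11    1:11   40kbit      ssh, dns
#   12    1:12   60kbit      apache (80), smtp, pop3
#   13    1:13   20kbit      ftp, rsync, identd (auth), icmp, and the default
#                            for everything that carries no mark

# Uplink interface to shape.
INET=ppp0
# Total egress budget; equals the sum of the guaranteed rates (6+40+60+20).
MAXRATE=126kbit

# flush
# NOTE(review): -F without a chain clears every chain of the mangle table,
# including marks installed by other tooling (policy routing, other QoS).
# This script only appends to POSTROUTING; confirm nothing else uses mangle.
iptables -t mangle -F
# Prints an error and carries on when no root qdisc is installed yet.
tc qdisc del dev "$INET" root

# root class (root of all evil)
# The default must name a class that exists: HTB hands traffic for an unknown
# default class straight to the interface, unshaped, where it can fill the
# link and starve the guaranteed classes (ssh included). The original used
# "default 23" although no class 1:23 is ever created, so unmatched traffic
# now falls into the bulk class 1:13.
tc qdisc add dev "$INET" root handle 1:0 htb default 13

# Main class. Argument order: parent, classid, algorithm, minimum (rate),
# maximum (ceil).
tc class add dev "$INET" parent 1:0 classid 1:1 htb rate "$MAXRATE" ceil "$MAXRATE"

# acks
# NOTE(review): nothing in this script sets mark 10, so class 1:10 receives
# no traffic as written. If ACK prioritisation is wanted, a MARK rule has to
# be added; MARK does not stop rule traversal, so the last matching rule
# decides the final mark.
tc class add dev "$INET" parent 1:1 classid 1:10 htb rate 6kbit ceil "$MAXRATE" prio 1
tc filter add dev "$INET" parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10

# ssh / dns
iptables -t mangle -A POSTROUTING -o "$INET" -p tcp --source-port 22 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -o "$INET" -p tcp --source-port 53 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -o "$INET" -p udp --source-port 53 -j MARK --set-mark 11

# This is only the rule: how the class is supposed to behave.
tc class add dev "$INET" parent 1:1 classid 1:11 htb rate 40kbit ceil "$MAXRATE" prio 2
# This is the entry that makes it active, keyed on the handle (== mark).
tc filter add dev "$INET" parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11

# apache / smtp / pop
iptables -t mangle -A POSTROUTING -o "$INET" -p tcp --source-port 80 -j MARK --set-mark 12
iptables -t mangle -A POSTROUTING -o "$INET" -p tcp --source-port pop3 -j MARK --set-mark 12
iptables -t mangle -A POSTROUTING -o "$INET" -p tcp --source-port smtp -j MARK --set-mark 12
tc class add dev "$INET" parent 1:1 classid 1:12 htb rate 60kbit ceil "$MAXRATE" prio 2
tc filter add dev "$INET" parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12

# ftp / rsync / auth / icmp (also the default class for unmarked traffic)
iptables -t mangle -A POSTROUTING -o "$INET" -p tcp --source-port 20:21 -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -o "$INET" -p tcp --source-port rsync -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -o "$INET" -p tcp --source-port auth -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -o "$INET" -p icmp -j MARK --set-mark 13
tc class add dev "$INET" parent 1:1 classid 1:13 htb rate 20kbit ceil "$MAXRATE" prio 2
tc filter add dev "$INET" parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13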