nsbin/qos-neu
Nico Schottelius df2daf524d init
Signed-off-by: Nico Schottelius <nico@manager.schottelius.org>
2017-07-19 17:15:41 +02:00

66 lines
2.2 KiB
Text
Executable file

INET=ppp0
MAXRATE=126kbit
# flush
iptables -t mangle -F
tc qdisc del dev $INET root
# group0
# acks 6kbit
# group1:
# dns
# ssh 40kbit
# group2: 60kbit
# apache
# smtp
# pop3
# group3: 20kbit
# identd
# ftp
# rsync
# icmp
# standards
# root class (root o all evil)
tc qdisc add dev $INET root handle 1:0 htb default 23
# hauptklasse... mamapapa ichselber alg minimal maximal
tc class add dev $INET parent 1:0 classid 1:1 htb rate $MAXRATE ceil $MAXRATE
# acks
tc class add dev $INET parent 1:1 classid 1:10 htb rate 6kbit ceil $MAXRATE prio 1
tc filter add dev $INET parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
# ssh / dns
iptables -t mangle -A POSTROUTING -o $INET -p tcp --source-port 22 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -o $INET -p tcp --source-port 53 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -o $INET -p udp --source-port 53 -j MARK --set-mark 11
# das ist nur die rule. wie es sein soll.
tc class add dev $INET parent 1:1 classid 1:11 htb rate 40kbit ceil $MAXRATE prio 2
# das ist der eintrag der in aktiv macht, auf das handle (==mark)
tc filter add dev $INET parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11
# apache / smtp / pop
iptables -t mangle -A POSTROUTING -o $INET -p tcp --source-port 80 -j MARK --set-mark 12
iptables -t mangle -A POSTROUTING -o $INET -p tcp --source-port pop3 -j MARK --set-mark 12
iptables -t mangle -A POSTROUTING -o $INET -p tcp --source-port smtp -j MARK --set-mark 12
tc class add dev $INET parent 1:1 classid 1:12 htb rate 60kbit ceil $MAXRATE prio 2
tc filter add dev $INET parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12
# ftp / rsync / auth / icmp
iptables -t mangle -A POSTROUTING -o $INET -p tcp --source-port 20:21 -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -o $INET -p tcp --source-port rsync -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -o $INET -p tcp --source-port auth -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -o $INET -p icmp -j MARK --set-mark 13
tc class add dev $INET parent 1:1 classid 1:13 htb rate 20kbit ceil $MAXRATE prio 2
tc filter add dev $INET parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13