Forum: QOS i regula po domenie jak to zrobic?

Kod Pobierz kod źródłowy


iptables -I FORWARD 4 -i ppp0 -m layer7 --l7proto skypetoskype

iptables -I FORWARD 4 -i ppp0 -m layer7 --l7proto skypeout



#--------------------------------------------

#WRT54 Script Generator v1.00

#Copyright (C) 2006 Robert "Robson" Mytkowski

#--------------------------------------------

modprobe ipt_layer7

TCA="tc class add dev br0"

TFA="tc filter add dev br0"

TQA="tc qdisc add dev br0"

SFQ="sfq perturb 10"

tc qdisc del dev br0 root

tc qdisc add dev br0 root handle 1: htb

tc class add dev br0 parent 1: classid 1:1 htb rate 1000kbit

$TCA parent 1:1 classid 1:10 htb rate 33kbit ceil 699kbit prio 4

$TCA parent 1:1 classid 1:11 htb rate 33kbit ceil 699kbit prio 4

$TCA parent 1:1 classid 1:12 htb rate 256kbit ceil 1000kbit prio 0

$TCA parent 1:1 classid 1:13 htb rate 128kbit ceil 1000kbit prio 1

$TCA parent 1:1 classid 1:14 htb rate 64kbit ceil 1000kbit prio 2

$TCA parent 1:1 classid 1:15 htb rate 64kbit ceil 1000kbit prio 2

$TCA parent 1:1 classid 1:16 htb rate 64kbit ceil 1000kbit prio 2

$TCA parent 1:1 classid 1:17 htb rate 64kbit ceil 1000kbit prio 2

$TCA parent 1:1 classid 1:18 htb rate 64kbit ceil 1000kbit prio 2

$TCA parent 1:1 classid 1:19 htb rate 128kbit ceil 512kbit prio 0

$TCA parent 1:1 classid 1:20 htb rate 100kbit ceil 512kbit prio 2

$TQA parent 1:10 handle 10: $SFQ

$TQA parent 1:11 handle 11: $SFQ

$TQA parent 1:12 handle 12: $SFQ

$TQA parent 1:13 handle 13: $SFQ

$TQA parent 1:14 handle 14: $SFQ

$TQA parent 1:15 handle 15: $SFQ

$TQA parent 1:16 handle 16: $SFQ

$TQA parent 1:17 handle 17: $SFQ

$TQA parent 1:18 handle 18: $SFQ

$TQA parent 1:19 handle 19: $SFQ

$TQA parent 1:20 handle 20: $SFQ

$TFA parent 1:0 prio 4 protocol ip handle 10 fw flowid 1:10

$TFA parent 1:0 prio 4 protocol ip handle 11 fw flowid 1:11

$TFA parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12

$TFA parent 1:0 prio 1 protocol ip handle 13 fw flowid 1:13

$TFA parent 1:0 prio 2 protocol ip handle 14 fw flowid 1:14

$TFA parent 1:0 prio 2 protocol ip handle 15 fw flowid 1:15

$TFA parent 1:0 prio 2 protocol ip handle 16 fw flowid 1:16

$TFA parent 1:0 prio 2 protocol ip handle 17 fw flowid 1:17

$TFA parent 1:0 prio 2 protocol ip handle 18 fw flowid 1:18

$TFA parent 1:0 prio 0 protocol ip handle 19 fw flowid 1:19

$TFA parent 1:0 prio 2 protocol ip handle 20 fw flowid 1:20

iptables -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK --set-mark 10

iptables -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j MARK --set-mark 11

iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j MARK --set-mark 12

iptables -t mangle -A POSTROUTING -p tcp --sport 443 -j MARK --set-mark 13

iptables -t mangle -A POSTROUTING -p tcp --sport 110 -j MARK --set-mark 14

iptables -t mangle -A POSTROUTING -m layer7 --l7proto rar -j MARK --set-mark 15

iptables -t mangle -A POSTROUTING -m layer7 --l7proto zip -j MARK --set-mark 16

iptables -t mangle -A POSTROUTING -m layer7 --l7proto exe -j MARK --set-mark 17

iptables -t mangle -A POSTROUTING -m layer7 --l7proto pdf -j MARK --set-mark 18

iptables -t mangle -A POSTROUTING -m layer7 --l7proto skypeout -j MARK --set-mark 19

iptables -t mangle -A POSTROUTING -m layer7 --l7proto skypetoskype -j MARK --set-mark 20

iptables -I FORWARD -p tcp -m layer7 --l7proto bittorrent -m connlimit --connlimit-above 600 -j DROP

iptables -I FORWARD -p tcp -m layer7 --l7proto edonkey -m connlimit --connlimit-above 600 -j DROP