I have this script:
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
TQA="tc qdisc add dev br0"
SFQ="sfq perturb 10"
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 1840kbit
$TCA parent 1:1 classid 1:10 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:12 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:13 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:14 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:15 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:16 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:17 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:18 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:19 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:20 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:21 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:22 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:23 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:24 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:25 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:26 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:27 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:28 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:29 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:30 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:31 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:32 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:33 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:34 htb rate 73kbit ceil 1840kbit prio 2
$TQA parent 1:10 handle 10: $SFQ
$TQA parent 1:11 handle 11: $SFQ
$TQA parent 1:12 handle 12: $SFQ
$TQA parent 1:13 handle 13: $SFQ
$TQA parent 1:14 handle 14: $SFQ
$TQA parent 1:15 handle 15: $SFQ
$TQA parent 1:16 handle 16: $SFQ
$TQA parent 1:17 handle 17: $SFQ
$TQA parent 1:18 handle 18: $SFQ
$TQA parent 1:19 handle 19: $SFQ
$TQA parent 1:20 handle 20: $SFQ
$TQA parent 1:21 handle 21: $SFQ
$TQA parent 1:22 handle 22: $SFQ
$TQA parent 1:23 handle 23: $SFQ
$TQA parent 1:24 handle 24: $SFQ
$TQA parent 1:25 handle 25: $SFQ
$TQA parent 1:26 handle 26: $SFQ
$TQA parent 1:27 handle 27: $SFQ
$TQA parent 1:28 handle 28: $SFQ
$TQA parent 1:29 handle 29: $SFQ
$TQA parent 1:30 handle 30: $SFQ
$TQA parent 1:31 handle 31: $SFQ
$TQA parent 1:32 handle 32: $SFQ
$TQA parent 1:33 handle 33: $SFQ
$TQA parent 1:34 handle 34: $SFQ
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
$TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
$TFA parent 1:0 prio 2 protocol ip handle 12 fw flowid 1:12
$TFA parent 1:0 prio 2 protocol ip handle 13 fw flowid 1:13
$TFA parent 1:0 prio 2 protocol ip handle 14 fw flowid 1:14
$TFA parent 1:0 prio 2 protocol ip handle 15 fw flowid 1:15
$TFA parent 1:0 prio 2 protocol ip handle 16 fw flowid 1:16
$TFA parent 1:0 prio 2 protocol ip handle 17 fw flowid 1:17
$TFA parent 1:0 prio 2 protocol ip handle 18 fw flowid 1:18
$TFA parent 1:0 prio 2 protocol ip handle 19 fw flowid 1:19
$TFA parent 1:0 prio 2 protocol ip handle 20 fw flowid 1:20
$TFA parent 1:0 prio 2 protocol ip handle 21 fw flowid 1:21
$TFA parent 1:0 prio 2 protocol ip handle 22 fw flowid 1:22
$TFA parent 1:0 prio 2 protocol ip handle 23 fw flowid 1:23
$TFA parent 1:0 prio 2 protocol ip handle 24 fw flowid 1:24
$TFA parent 1:0 prio 2 protocol ip handle 25 fw flowid 1:25
$TFA parent 1:0 prio 2 protocol ip handle 26 fw flowid 1:26
$TFA parent 1:0 prio 2 protocol ip handle 27 fw flowid 1:27
$TFA parent 1:0 prio 2 protocol ip handle 28 fw flowid 1:28
$TFA parent 1:0 prio 2 protocol ip handle 29 fw flowid 1:29
$TFA parent 1:0 prio 2 protocol ip handle 30 fw flowid 1:30
$TFA parent 1:0 prio 2 protocol ip handle 31 fw flowid 1:31
$TFA parent 1:0 prio 2 protocol ip handle 32 fw flowid 1:32
$TFA parent 1:0 prio 2 protocol ip handle 33 fw flowid 1:33
$TFA parent 1:0 prio 2 protocol ip handle 34 fw flowid 1:34
iptables -t mangle -A POSTROUTING -d 192.168.1.100 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.1.101 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.1.102 -j MARK --set-mark 12
iptables -t mangle -A POSTROUTING -d 192.168.1.103 -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -d 192.168.1.104 -j MARK --set-mark 14
iptables -t mangle -A POSTROUTING -d 192.168.1.105 -j MARK --set-mark 15
iptables -t mangle -A POSTROUTING -d 192.168.1.106 -j MARK --set-mark 16
iptables -t mangle -A POSTROUTING -d 192.168.1.107 -j MARK --set-mark 17
iptables -t mangle -A POSTROUTING -d 192.168.1.110 -j MARK --set-mark 18
iptables -t mangle -A POSTROUTING -d 192.168.1.111 -j MARK --set-mark 19
iptables -t mangle -A POSTROUTING -d 192.168.1.112 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -d 192.168.1.113 -j MARK --set-mark 21
iptables -t mangle -A POSTROUTING -d 192.168.1.114 -j MARK --set-mark 22
iptables -t mangle -A POSTROUTING -d 192.168.1.115 -j MARK --set-mark 23
iptables -t mangle -A POSTROUTING -d 192.168.1.116 -j MARK --set-mark 24
iptables -t mangle -A POSTROUTING -d 192.168.1.117 -j MARK --set-mark 25
iptables -t mangle -A POSTROUTING -d 192.168.1.118 -j MARK --set-mark 26
iptables -t mangle -A POSTROUTING -d 192.168.1.131 -j MARK --set-mark 27
iptables -t mangle -A POSTROUTING -d 192.168.1.132 -j MARK --set-mark 28
iptables -t mangle -A POSTROUTING -d 192.168.1.133 -j MARK --set-mark 29
iptables -t mangle -A POSTROUTING -d 192.168.1.134 -j MARK --set-mark 30
iptables -t mangle -A POSTROUTING -d 192.168.1.135 -j MARK --set-mark 31
iptables -t mangle -A POSTROUTING -d 192.168.1.136 -j MARK --set-mark 32
iptables -t mangle -A POSTROUTING -d 192.168.1.137 -j MARK --set-mark 33
iptables -t mangle -A POSTROUTING -d 192.168.1.140 -j MARK --set-mark 34
Can someone tell me whether I shortened it correctly? It now looks like this:
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
TQA="tc qdisc add dev br0"
SFQ="sfq perturb 10"
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 1840kbit
for IP in 100 101 102 103 104 105 106 107 110 111 112 113 114 115 116 117 118 131 132 133 134 135 136 137 140
do
$TCA parent 1:1 classid 1:$IP htb rate 73kbit ceil 1840kbit prio 2
$TQA parent 1:$IP handle $IP: $SFQ
$TFA parent 1:0 prio 2 protocol ip handle $IP fw flowid 1:$IP
iptables -t mangle -A POSTROUTING -d 192.168.1.$IP -j MARK --set-mark $IP
iptables -I FORWARD -p tcp -s 192.168.1.$IP -m connlimit --connlimit-above 100 -j DROP
iptables -I FORWARD -p udp -s 192.168.1.$IP -m limit --limit 3/sec -j DROP
done
How can I check whether both scripts behave identically?
It seems to me that everything works fine - I had never shortened scripts before, until the moment I ran out of the 8kb. I know that the connection limit works - I'm just not 100% sure whether the second script works as well as the first one. Maybe some iptables expert could weigh in? :)
Edited by SysOp on 01-03-2008 18:33
Linksys WRT54GL / Tomato 1.18
Zyxel 660HW-D1
Comtrend CT-500
Minitar WA2204A
2 x Switch 3Com (3CFSU08)
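
One way to approach the question in the post above, as an added example that is not part of the original post: source each script with `tc` and `iptables` replaced by printing stubs and diff the commands each one would issue, so nothing touches the router's live rules. The function names `render`, `compare` and `make_samples` and the file names `long.sh` and `short.sh` are hypothetical, the sample scripts are the post's two versions abridged to two hosts, and only `tc` and `iptables` are stubbed, so any other command in a sourced script would still run.

```shell
# Added example: render FILE sources FILE with tc/iptables stubbed to print only (sorted output).
render() {
    (
        tc()       { echo "tc $*"; }
        iptables() { echo "iptables $*"; }
        . "$1"
    ) | LC_ALL=C sort
}
# compare OLD NEW: "-" lines are issued only by OLD, "+" lines only by NEW.
compare() {
    a=$(mktemp); b=$(mktemp)
    render "$1" >"$a"; render "$2" >"$b"
    LC_ALL=C comm -23 "$a" "$b" | sed 's/^/- /'
    LC_ALL=C comm -13 "$a" "$b" | sed 's/^/+ /'
    rm -f "$a" "$b"
}
# Constructed sample: both scripts from the post, abridged to hosts .100 and .101.
make_samples() {
    cat >"$1/long.sh" <<'EOF'
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
TQA="tc qdisc add dev br0"
SFQ="sfq perturb 10"
$TCA parent 1:1 classid 1:10 htb rate 73kbit ceil 1840kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 73kbit ceil 1840kbit prio 2
$TQA parent 1:10 handle 10: $SFQ
$TQA parent 1:11 handle 11: $SFQ
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
$TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
iptables -t mangle -A POSTROUTING -d 192.168.1.100 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.1.101 -j MARK --set-mark 11
EOF
    cat >"$1/short.sh" <<'EOF'
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
TQA="tc qdisc add dev br0"
SFQ="sfq perturb 10"
for IP in 100 101
do
$TCA parent 1:1 classid 1:$IP htb rate 73kbit ceil 1840kbit prio 2
$TQA parent 1:$IP handle $IP: $SFQ
$TFA parent 1:0 prio 2 protocol ip handle $IP fw flowid 1:$IP
iptables -t mangle -A POSTROUTING -d 192.168.1.$IP -j MARK --set-mark $IP
iptables -I FORWARD -p tcp -s 192.168.1.$IP -m connlimit --connlimit-above 100 -j DROP
iptables -I FORWARD -p udp -s 192.168.1.$IP -m limit --limit 3/sec -j DROP
done
EOF
}
d=$(mktemp -d); make_samples "$d"; compare "$d/long.sh" "$d/short.sh"; rm -rf "$d"
```

On the two versions in the post, every per-host line shows up as changed because the loop uses the last octet (100, 101, ...) as class id, handle and mark where the long script used 10 to 34. The `+` side also lists the two `iptables -I FORWARD` rules per host that exist only in the loop version.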