Tak wygląda mój begin htb:
#!/bin/sh
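# Tools are addressed by absolute path so the script does not depend on the
# caller's PATH.
IPT=/sbin/iptables
TC=/sbin/tc

# Interfaces being shaped. The tc rules below treat LAN as the side that
# carries incoming traffic and WAN as the side that carries outgoing traffic.
LAN=eth0
WAN=eth1

# Extra arguments for the prioritised download class. This value is expanded
# unquoted into a tc command line, so it must stay on one line and split into
# exactly two words ("burst" and "30k"); the pasted original had a line break
# inside the quotes.
BURST="burst 30k"

# Rate and ceiling used for the prioritised download class and for the
# upload classes.
DOWNLOAD=4000kbit
UPLOAD=490kbit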
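# Remove the shaping setup: the LIMITS chain and its jumps in mangle FORWARD,
# the rules in mangle OUTPUT and filter FORWARD, and the root qdiscs on both
# interfaces.
# Globals: IPT, TC, LAN, WAN (read)
# Returns: the exit status of the last tc command.
#
# Each command is kept on a single line; in the pasted original several of
# them were wrapped, which makes the shell run the tail (for example
# "-j LIMITS") as a separate command.
stop ()
{
  # Detach LIMITS from mangle FORWARD in both directions, then empty and
  # delete the chain. Output and errors are discarded: start calls stop
  # before it creates the chain, so these may legitimately fail.
  "$IPT" -t mangle -D FORWARD -i "$WAN" -j LIMITS >/dev/null 2>&1
  "$IPT" -t mangle -D FORWARD -o "$WAN" -j LIMITS >/dev/null 2>&1
  "$IPT" -t mangle -F LIMITS >/dev/null 2>&1
  "$IPT" -t mangle -X LIMITS >/dev/null 2>&1

  # NOTE(review): these two flushes are chain-wide, not limited to rules
  # this script added. "-t filter -F FORWARD" also deletes any forwarding
  # access-control rules installed by a firewall script, and start runs
  # stop on every invocation. If the FORWARD policy is ACCEPT, the router
  # then forwards everything. Confirm that no other script owns rules in
  # these chains, or delete only the specific rules added here.
  "$IPT" -t mangle -F OUTPUT
  "$IPT" -t filter -F FORWARD

  # Drop the root qdiscs; this fails harmlessly when none is attached, so
  # the error message is suppressed.
  "$TC" qdisc del dev "$LAN" root 2> /dev/null
  "$TC" qdisc del dev "$WAN" root 2> /dev/null
}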
start ()
{
stop
$IPT -t mangle -N
LIMITS
$IPT -t mangle -I FORWARD -i $WAN -j LIMITS
$IPT -t mangle -I
FORWARD -o $WAN -j LIMITS
# incomming traffic
$IPT -t mangle -A OUTPUT -j
MARK --set-mark 1
$TC qdisc add dev $LAN root handle 1:0 htb default 3 r2q
1
$TC class add dev $LAN parent 1:0 classid 1:1 htb rate 99000kbit ceil
99000kbit quantum 1500
$TC class add dev $LAN parent 1:1 classid 1:2 htb rate
500kbit ceil 500kbit
$TC class add dev $LAN parent 1:1 classid 1:3 htb rate
98500kbit ceil 98500kbit prio 9 quantum 1500
$TC qdisc add dev $LAN parent
1:3 esfq perturb 10 hash dst
# priorities for ICMP, TOS 0x10 and ports 22 and
53
$TC class add dev $LAN parent 1:2 classid 1:20 htb rate $DOWNLOAD ceil
$DOWNLOAD $BURST prio 1 quantum 1500
$TC qdisc add dev $LAN parent 1:20 esfq
perturb 10 hash dst
$TC filter add dev $LAN parent 1:0 protocol ip prio 2 u32
match ip sport 22 0xffff flowid 1:20
$TC filter add dev $LAN parent 1:0
protocol ip prio 2 u32 match ip sport 53 0xffff flowid 1:20
$TC filter add
dev $LAN parent 1:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid
1:20
$TC filter add dev $LAN parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff flowid 1:20
# serwer -> LAN
$TC filter add dev $LAN
parent 1:0 protocol ip prio 4 handle 1 fw flowid 1:3
# outgoing traffic
$TC qdisc add dev $WAN root
handle 2:0 htb default 11 r2q 1
$TC class add dev $WAN parent 2:0 classid 2:1
htb rate $UPLOAD ceil $UPLOAD
# priorities for ACK, ICMP, TOS 0x10, ports 22
and 53
$TC class add dev $WAN parent 2:1 classid 2:10 htb rate $UPLOAD ceil
$UPLOAD prio 1 quantum 1500
$TC qdisc add dev $WAN parent 2:10 esfq perturb
10 hash dst
$TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match
ip protocol 6 0xff \
match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 1
match u8 0x10 0xff at 33 flowid 2:10
$TC filter add dev $WAN parent 2:0
protocol ip prio 1 u32 match ip dport 22 0xffff flowid 2:10
$TC filter add
dev $WAN parent 2:0 protocol ip prio 1 u32 match ip dport 53 0xffff flowid
2:10
$TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip tos
0x10 0xff flowid 2:10
$TC filter add dev $WAN parent 2:0 protocol ip prio 1
u32 match ip protocol 1 0xff flowid 2:10
# serwer -> Internet
$TC class
add dev $WAN parent 2:1 classid 2:11 htb rate $UPLOAD ceil $UPLOAD prio 2
quantum 1500
$TC qdisc add dev $WAN parent 2:11 esfq perturb 10 hash
dst
$TC filter add dev $WAN parent 2:0 protocol ip prio 3 handle 1 fw flowid
2:11
$TC filter add dev $WAN parent 2:0 protocol ip prio 9 u32 match ip dst
0/0 flowid 2:11\n
Ma ktoś pomysł, co dodać, aby trzymał też squida?