Created
October 5, 2014 19:40
-
-
Save brimston3/7ba85740a1617fd713a5 to your computer and use it in GitHub Desktop.
Linux HTB QoS script with source-based prioritization.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Bandwidth flow controller. Should decrease overall latency. | |
| : <<'EOF' | |
| Copyright (C) February 30, 2006, Andrew Domaszek | |
| (MIT License) | |
| Update history: | |
| May 30, 2014 - add internal flow limit | |
| March 12, 2014 - ifconfig output changes | |
| EOF | |
| # Max upload bandwidth in kbps (kilobits per sec) | |
| CEIL=580kbit | |
| # Max upload bandwidth for routed packets. | |
| ROUTED_CIEL=540kbit | |
| # External interface. | |
| OUTIF=eth2 | |
| tc qdisc del dev ${OUTIF} root | |
| tc qdisc add dev ${OUTIF} root handle 1: htb default 14 | |
| tc class add dev ${OUTIF} parent 1: classid 1:1 htb rate ${CEIL} ceil ${CEIL} | |
| tc class add dev ${OUTIF} parent 1:1 classid 1:10 htb rate 80kbit ceil 80kbit prio 0 | |
| tc class add dev ${OUTIF} parent 1:1 classid 1:11 htb rate 80kbit ceil ${CEIL} prio 1 | |
| tc class add dev ${OUTIF} parent 1:1 classid 1:12 htb rate 20kbit ceil ${CEIL} prio 2 | |
| tc class add dev ${OUTIF} parent 1:1 classid 1:13 htb rate 20kbit ceil ${CEIL} prio 2 | |
| tc class add dev ${OUTIF} parent 1:1 classid 1:14 htb rate 10kbit ceil ${CEIL} prio 3 | |
| tc class add dev ${OUTIF} parent 1:1 classid 1:15 htb rate 30kbit ceil ${ROUTED_CIEL} prio 3 | |
| tc qdisc add dev ${OUTIF} parent 1:10 handle 100: sfq perturb 10 | |
| tc qdisc add dev ${OUTIF} parent 1:11 handle 110: sfq perturb 10 | |
| tc qdisc add dev ${OUTIF} parent 1:12 handle 120: sfq perturb 10 | |
| tc qdisc add dev ${OUTIF} parent 1:13 handle 130: sfq perturb 10 | |
| tc qdisc add dev ${OUTIF} parent 1:14 handle 140: sfq perturb 10 | |
| tc qdisc add dev ${OUTIF} parent 1:15 handle 150: sfq perturb 10 | |
| echo Adding Filters... | |
| tc filter add dev ${OUTIF} parent 1:0 protocol ip prio 1 handle 1 fw flowid 1:10 | |
| tc filter add dev ${OUTIF} parent 1:0 protocol ip prio 2 handle 2 fw flowid 1:11 | |
| tc filter add dev ${OUTIF} parent 1:0 protocol ip prio 3 handle 3 fw flowid 1:12 | |
| tc filter add dev ${OUTIF} parent 1:0 protocol ip prio 4 handle 4 fw flowid 1:13 | |
| tc filter add dev ${OUTIF} parent 1:0 protocol ip prio 5 u32 match ip src 192.168.0.0/24 flowid 1:15 | |
| tc filter add dev ${OUTIF} parent 1:0 protocol ip prio 6 handle 5 fw flowid 1:14 | |
| tc filter add dev ${OUTIF} parent 1:0 protocol ip prio 7 handle 6 fw flowid 1:15 | |
| ICIEL=1gbit | |
| ITHRU=6400kbit | |
| INTIF=enp3s0 | |
| tc qdisc del dev ${INTIF} root | |
| tc qdisc add dev ${INTIF} root handle 1: htb default 10 | |
| tc class add dev ${INTIF} parent 1: classid 1:1 htb rate ${ICIEL} ceil ${ICIEL} | |
| tc class add dev ${INTIF} parent 1:1 classid 1:10 htb rate ${ICIEL} ceil ${ICIEL} prio 0 | |
| tc class add dev ${INTIF} parent 1:1 classid 1:11 htb rate ${ITHRU} prio 1 | |
| tc qdisc add dev ${INTIF} parent 1:10 handle 100: sfq perturb 10 | |
| tc qdisc add dev ${INTIF} parent 1:11 handle 110: sfq perturb 10 | |
| tc filter add dev ${INTIF} parent 1:0 protocol ip prio 1 u32 match ip src 192.168.0.0/24 flowid 1:10 | |
| tc filter add dev ${INTIF} parent 1:0 protocol ip prio 1 u32 match ip dst 0.0.0.0/0 flowid 1:11 | |
| EXTIP="`/bin/ifconfig $OUTIF | grep 'inet ' | awk '{print $2}' | sed -e 's/.*://'`" | |
| iptables -t mangle -F POSTROUTING | |
| iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 1 | |
| iptables -t mangle -A POSTROUTING -p icmp -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 1 | |
| iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Delay -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 5 | |
| iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Cost -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.80 -j MARK --set-mark 4 | |
| iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.80 -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.57 -j MARK --set-mark 3 | |
| iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.57 -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -p tcp -s $EXTIP -j MARK --set-mark 5 | |
| iptables -t mangle -A POSTROUTING -p tcp -s $EXTIP -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 6 | |
| iptables -t mangle -A POSTROUTING -m tos --tos Maximize-Throughput -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 1 | |
| iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 1 | |
| iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j ACCEPT | |
| iptables -t mangle -I POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 1 | |
| iptables -t mangle -I POSTROUTING 2 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT | |
| iptables -t mangle -A POSTROUTING -j MARK --set-mark 6 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment