使用TC和iptables限制网速 (bandwidth shaping with tc HTB/SFQ classes and iptables fwmarks)
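#!/usr/bin/env bash
# Shape bandwidth with tc (HTB + SFQ) and iptables fwmark classification.
#
# Upload is shaped on the egress side of UPLOAD_IF (eth0 unless overridden),
# download on the egress side of DOWNLOAD_IF (eth1 unless overridden). Packets
# are marked in the mangle POSTROUTING chain, restricted with "-o" to the
# interface they are about to leave, and a tc "fw" filter on that interface
# maps each mark to an HTB leaf class. Within a direction the first matching
# mark rule wins (every rule is followed by a RETURN).
#
# Why POSTROUTING rather than PREROUTING: PREROUTING sees traffic of both
# directions with no way to tell which interface it will leave by, so the
# upload and download rule sets shadowed each other (an inbound ICMP or <=64
# byte TCP packet took the upload mark 21 and the download rules meant to give
# it mark 20 never ran), and locally generated traffic never passes PREROUTING
# at all. Marks set in POSTROUTING are still visible to the egress qdisc.
#
# Usage (needs root / CAP_NET_ADMIN):
#   UPLOAD_IF=ens3 DOWNLOAD_IF=ens4 ./shape.sh
#
# Caveats:
#   * The whole mangle table is flushed, so any other mangle rules on this host
#     (e.g. TCPMSS clamping) disappear too.
#   * Only IPv4 is classified (iptables + "protocol ip" filters); IPv6 traffic
#     ends up in each interface's default class.
#   * Classification is purely port based. A host can put its own traffic into
#     a priority class just by using a favoured port (udp/53, tcp/22, udp/1194,
#     ...), so treat the priority classes as a convenience, not as a security
#     boundary.
set -euo pipefail

UPLOAD_IF=${UPLOAD_IF:-eth0}     # interface whose egress is the "upload" side
DOWNLOAD_IF=${DOWNLOAD_IF:-eth1} # interface whose egress is the "download" side
readonly UPLOAD_IF DOWNLOAD_IF

if (( EUID != 0 )); then
  printf 'error: must run as root to configure tc and iptables\n' >&2
  exit 1
fi

#######################################
# Mark packets leaving an interface and stop evaluating the chain for them.
# Arguments: $1 - egress interface, $2 - fwmark, $3.. - iptables match args
#######################################
mark() {
  local iface=$1 fwmark=$2
  shift 2
  iptables -t mangle -A POSTROUTING -o "$iface" "$@" -j MARK --set-mark "$fwmark"
  iptables -t mangle -A POSTROUTING -o "$iface" "$@" -j RETURN
}

#######################################
# Attach an SFQ leaf qdisc and a fwmark -> class filter to each HTB leaf class.
# Arguments: $1 - interface, $2.. - leaf class minor ids (fwmark == minor id)
#######################################
attach_leaves() {
  local iface=$1 leaf
  shift
  for leaf in "$@"; do
    # SFQ shares a class fairly between flows; perturb rehashes flows every 10s.
    tc qdisc add dev "$iface" parent "1:$leaf" handle "$leaf:" sfq perturb 10
    # fwmark N -> class 1:N on this interface.
    tc filter add dev "$iface" parent 1:0 prio 0 protocol ip handle "$leaf" fw flowid "1:$leaf"
  done
}

# Start from a clean mangle table: flush rules first, then delete the (now
# empty) user-defined chains -- -X fails on chains that still hold rules.
iptables -t mangle -F
iptables -t mangle -X

# Remove any previous root qdisc; "no such qdisc" is the normal first-run case.
tc qdisc del dev "$UPLOAD_IF" root 2>/dev/null || true
tc qdisc del dev "$DOWNLOAD_IF" root 2>/dev/null || true

########## Upload: egress of $UPLOAD_IF ##########
# HTB root; anything without a matching fw filter lands in 1:22 (low priority).
tc qdisc add dev "$UPLOAD_IF" root handle 1: htb default 22
# Parent class holds the total upload budget, with a little ceiling headroom.
tc class add dev "$UPLOAD_IF" parent 1: classid 1:1 htb rate 32000kbit ceil 36000kbit
# Leaves: guaranteed rate, ceiling when borrowing from the parent, prio 0 = served first.
tc class add dev "$UPLOAD_IF" parent 1:1 classid 1:20 htb rate 4000kbit ceil 32000kbit prio 0  # small / interactive packets
tc class add dev "$UPLOAD_IF" parent 1:1 classid 1:21 htb rate 8000kbit ceil 32000kbit prio 1  # favoured requests
tc class add dev "$UPLOAD_IF" parent 1:1 classid 1:22 htb rate 2400kbit ceil 32000kbit prio 2  # low priority (default)
tc class add dev "$UPLOAD_IF" parent 1:1 classid 1:23 htb rate 1600kbit ceil 32000kbit prio 3  # lowest priority
attach_leaves "$UPLOAD_IF" 20 21 22 23

# Upload marks, first match wins.
# mark "$UPLOAD_IF" 23 -s 192.168.1.16                    # throttle one host's upload
mark "$UPLOAD_IF" 20 -p tcp --tcp-flags SYN,RST,ACK SYN   # connection setup (bare SYN)
mark "$UPLOAD_IF" 20 -p udp --dport 53                    # DNS queries
mark "$UPLOAD_IF" 21 -p icmp                              # ICMP
mark "$UPLOAD_IF" 21 -p tcp -m length --length :64        # small TCP packets (ACKs etc.)
mark "$UPLOAD_IF" 20 -p tcp --dport 22                    # SSH
mark "$UPLOAD_IF" 20 -p udp --dport 1194                  # OpenVPN
mark "$UPLOAD_IF" 20 -p udp --dport 22222                 # labelled "ssh" originally; SSH is TCP -- NOTE(review): confirm the intended protocol
mark "$UPLOAD_IF" 20 -p udp --dport 1935                  # labelled RTMP originally; RTMP is TCP/1935 -- NOTE(review): confirm
mark "$UPLOAD_IF" 21 -p tcp --dport 80                    # HTTP
mark "$UPLOAD_IF" 21 -p tcp --dport 443                   # HTTPS

########## Download: egress of $DOWNLOAD_IF ##########
# HTB root. Unmarked traffic goes to 1:24, the class the comments and the
# fallback rule below already call the default. The original used "default 25",
# which sent every unmarked download -- notably all UDP, which the TCP-only
# fallback rule never marks -- into the unshaped LAN class.
tc qdisc add dev "$DOWNLOAD_IF" root handle 1: htb default 24
tc class add dev "$DOWNLOAD_IF" parent 1: classid 1:1 htb rate 32000kbit ceil 1Gbit
tc class add dev "$DOWNLOAD_IF" parent 1:1 classid 1:20 htb rate 2000kbit ceil 32000kbit prio 0   # small / interactive packets
tc class add dev "$DOWNLOAD_IF" parent 1:1 classid 1:21 htb rate 2000kbit ceil 32000kbit prio 1   # favoured services
tc class add dev "$DOWNLOAD_IF" parent 1:1 classid 1:22 htb rate 12000kbit ceil 32000kbit prio 2  # web
tc class add dev "$DOWNLOAD_IF" parent 1:1 classid 1:23 htb rate 2400kbit ceil 32000kbit prio 3   # other well-known ports
tc class add dev "$DOWNLOAD_IF" parent 1:1 classid 1:24 htb rate 1000kbit ceil 32000kbit prio 4   # everything else (default)
# Traffic sourced inside 192.168.0.0/16: effectively unshaped. NOTE(review): its
# 100Mbit rate is above the parent's 32000kbit rate, so HTB cannot honour the
# guarantees of all leaves at once -- verify this is intended.
tc class add dev "$DOWNLOAD_IF" parent 1:1 classid 1:25 htb rate 100Mbit ceil 1Gbit prio 5
attach_leaves "$DOWNLOAD_IF" 20 21 22 23 24 25

# Download marks, first match wins.
mark "$DOWNLOAD_IF" 25 -s 192.168.0.0/16                  # sourced from the private range (presumably LAN-to-LAN): unrestricted
# mark "$DOWNLOAD_IF" 23 -d 192.168.1.16                  # throttle one host's download
mark "$DOWNLOAD_IF" 21 -d 192.168.11.1/28                 # favoured subnet
mark "$DOWNLOAD_IF" 20 -p tcp -m length --length :64      # small TCP packets
mark "$DOWNLOAD_IF" 20 -p icmp                            # ICMP
mark "$DOWNLOAD_IF" 21 -p udp --sport 53                  # DNS replies
mark "$DOWNLOAD_IF" 21 -p tcp --sport 22                  # SSH
mark "$DOWNLOAD_IF" 21 -p udp --sport 1194                # OpenVPN
mark "$DOWNLOAD_IF" 21 -p udp --sport 22222               # labelled "ssh" originally; SSH is TCP -- NOTE(review): confirm
mark "$DOWNLOAD_IF" 21 -p udp --sport 1935                # labelled RTMP originally; RTMP is TCP -- NOTE(review): confirm
mark "$DOWNLOAD_IF" 22 -p tcp --sport 443                 # HTTPS
mark "$DOWNLOAD_IF" 22 -p tcp --sport 80                  # HTTP
mark "$DOWNLOAD_IF" 23 -p tcp --sport 0:1024              # other well-known service ports
mark "$DOWNLOAD_IF" 24 -p tcp                             # remaining TCP (same class as the qdisc default)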