使用TC和iptables限制网速
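#!/bin/bash
# Bandwidth shaping with tc (HTB + SFQ) driven by iptables fwmarks.
#
# Upload is shaped on the egress of the WAN interface (WAN_IF, default eth0),
# download on the egress of the LAN interface (LAN_IF, default eth1).  Packets
# are classified once in the mangle PREROUTING chain; each tc "fw" filter maps
# fwmark N to HTB class 1:N on its device.  Marks 20-25 are reused on both
# devices with device-specific meanings, which works because the filters are
# attached per device.
#
# Usage:  ./shape.sh [WAN_IF [LAN_IF]]      (or WAN_IF=... LAN_IF=... ./shape.sh)
# Requires root (tc and iptables need CAP_NET_ADMIN).
#
# NOTE: `iptables -t mangle -F` / `-X` flush the ENTIRE mangle table, so any
# unrelated mangle rules on this host are removed every time this runs.  Both
# the upload and download sections append to the same PREROUTING chain, so a
# packet in either direction is tested against the upload rules first; the
# direction-neutral rules (SYN, ICMP, small packets) therefore also apply to
# download traffic — the classes they map to exist on both devices.

set -eu

WAN_IF=${1:-${WAN_IF:-eth0}}
LAN_IF=${2:-${LAN_IF:-eth1}}
readonly WAN_IF LAN_IF

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Set a fwmark on matching packets and stop mangle processing for them.
# The RETURN right after MARK makes the first matching rule win, so rule
# order below is significant.
# Arguments: $1 - fwmark value; remaining args - iptables match expression
#######################################
mark() {
  local m=$1
  shift
  iptables -t mangle -A PREROUTING "$@" -j MARK --set-mark "$m"
  iptables -t mangle -A PREROUTING "$@" -j RETURN
}

#######################################
# Add an HTB leaf class under 1:1.
# Arguments: $1 device, $2 classid, $3 rate, $4 ceil, $5 prio
#######################################
add_class() {
  tc class add dev "$1" parent 1:1 classid "$2" htb rate "$3" ceil "$4" prio "$5"
}

#######################################
# Attach an SFQ leaf qdisc (reperturbed every 10 s) to class 1:N.
# Arguments: $1 device, $2 N
#######################################
add_sfq() {
  tc qdisc add dev "$1" parent "1:$2" handle "$2:" sfq perturb 10
}

#######################################
# Route packets carrying fwmark N to class 1:N.
# Arguments: $1 device, $2 N
#######################################
add_fw_filter() {
  tc filter add dev "$1" parent 1:0 prio 0 protocol ip handle "$2" fw flowid "1:$2"
}

(( EUID == 0 )) || die "must be run as root"
command -v tc >/dev/null || die "tc not found"
command -v iptables >/dev/null || die "iptables not found"

# Start from a clean mangle table.
iptables -t mangle -X
iptables -t mangle -F

# Remove old root qdiscs.  On a fresh boot there is none and tc reports an
# error; that is expected, so the failure is ignored.
for dev in "$WAN_IF" "$LAN_IF"; do
  tc qdisc del dev "$dev" root 2>/dev/null || true
done

############################ Upload (egress on WAN_IF) ############################
# HTB root; unmarked traffic falls into class 1:22.
tc qdisc add dev "$WAN_IF" root handle 1: htb default 22
# Parent class: total upload guarantee and burst ceiling.
tc class add dev "$WAN_IF" parent 1: classid 1:1 htb rate 32000kbit ceil 36000kbit
# Leaf classes.
add_class "$WAN_IF" 1:20 4000kbit 32000kbit 0   # highest priority: small/control packets
add_class "$WAN_IF" 1:21 8000kbit 32000kbit 1   # interactive requests
add_class "$WAN_IF" 1:22 2400kbit 32000kbit 2   # low priority (also the default)
add_class "$WAN_IF" 1:23 1600kbit 32000kbit 3   # lowest priority
for n in 20 21 22 23; do
  add_sfq "$WAN_IF" "$n"
done
for n in 20 21 22 23; do
  add_fw_filter "$WAN_IF" "$n"
done

# Upload classification (matched by destination port).
#mark 23 -s 192.168.1.16                              # throttle one host's upload (uses -I in original)
mark 20 -p tcp --tcp-flags SYN,RST,ACK SYN            # new connections (SYN only)
mark 20 -p udp --dport 53                             # DNS queries
mark 21 -p icmp                                       # ICMP
mark 21 -p tcp -m length --length :64                 # small TCP packets (<= 64 bytes)
mark 20 -p tcp --dport 22                             # SSH
mark 20 -p udp --dport 1194                           # VPN
mark 20 -p udp --dport 22222                          # labelled "ssh" in the original; SSH is TCP — confirm
mark 20 -p udp --dport 1935                           # RTMP
mark 21 -p tcp --dport 80                             # HTTP
mark 21 -p tcp --dport 443                            # HTTPS

########################### Download (egress on LAN_IF) ###########################
# HTB root; unmarked traffic falls into class 1:25 (the unshaped LAN class).
tc qdisc add dev "$LAN_IF" handle 1: root htb default 25
tc class add dev "$LAN_IF" parent 1:1 classid 1:1 htb rate 32000kbit ceil 1Gbit 2>/dev/null || \
  tc class add dev "$LAN_IF" parent 1: classid 1:1 htb rate 32000kbit ceil 1Gbit
# Leaf classes.
# NOTE(review): the leaf rates below add up to more than the parent's 32000kbit
# guarantee; HTB accepts this but cannot honour every guarantee at once — confirm intent.
add_class "$LAN_IF" 1:20 2000kbit 32000kbit 0
add_class "$LAN_IF" 1:21 2000kbit 32000kbit 1
add_class "$LAN_IF" 1:22 12000kbit 32000kbit 2
add_class "$LAN_IF" 1:23 2400kbit 32000kbit 3
add_class "$LAN_IF" 1:24 1000kbit 32000kbit 4
add_class "$LAN_IF" 1:25 100Mbit 1Gbit 5             # LAN-internal traffic, effectively unlimited
for n in 20 21 22 23 24 25; do
  add_sfq "$LAN_IF" "$n"
done
for n in 20 21 22 23 24 25; do
  add_fw_filter "$LAN_IF" "$n"
done

# Download classification (matched by source port / source address).
mark 25 -s 192.168.0.0/16                             # LAN-originated: unrestricted
#mark 23 -d 192.168.1.16                              # throttle one host's download
mark 21 -d 192.168.11.1/28
mark 20 -p tcp -m length --length :64                 # small TCP packets first
mark 20 -p icmp                                       # ICMP
mark 21 -p udp --sport 53                             # DNS replies
mark 21 -p tcp --sport 22                             # SSH
mark 21 -p udp --sport 1194                           # VPN
mark 21 -p udp --sport 22222                          # labelled "ssh" in the original — confirm
mark 21 -p udp --sport 1935                           # RTMP
mark 22 -p tcp --sport 443                            # HTTPS
mark 22 -p tcp --sport 80                             # HTTP
mark 23 -p tcp --sport 0:1024                         # other well-known service ports
# Remaining TCP goes to 1:24.  Non-TCP traffic that matched nothing above is
# left unmarked and lands in the qdisc default (1:25), i.e. it is NOT shaped.
mark 24 -p tcp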