
@brimston3

brimston3/FLOW.sh

Created Oct 5, 2014
Linux HTB QoS script with source-based prioritization.
#!/bin/sh
# Bandwidth flow controller. Should decrease overall latency.
: <<'EOF'
Copyright (C) February 30, 2006, Andrew Domaszek
(MIT License)
Update history:
May 30, 2014 - add internal flow limit
March 12, 2014 - ifconfig output changes
EOF
# ---------------------------------------------------------------------------
# Egress (upload) shaping on the external interface.
#
# Builds an HTB tree 1: -> 1:1 -> leaves 1:10..1:15, gives every leaf an SFQ
# qdisc, then steers packets into leaves by firewall mark (set by the iptables
# mangle rules further down) or, for one filter, by source address.
#
# Mark -> leaf mapping installed here:
#   1 -> 1:10 (80kbit, hard-capped at 80kbit, prio 0)
#   2 -> 1:11   3 -> 1:12   4 -> 1:13   5 -> 1:14   6 -> 1:15
# Anything no filter classifies lands in 1:14 ("default 14"). All filters are
# "protocol ip", so non-IPv4 traffic (e.g. IPv6) also ends up in that default.
# ---------------------------------------------------------------------------

# Max upload bandwidth in kbps (kilobits per sec)
CEIL=580kbit
# Max upload bandwidth for routed packets.
ROUTED_CIEL=540kbit
# External interface.
OUTIF=eth2

# add_out_class MINOR RATE CEIL PRIO
# Creates HTB leaf class 1:MINOR under 1:1 on the external interface.
add_out_class() {
  tc class add dev "$OUTIF" parent 1:1 classid "1:$1" htb rate "$2" ceil "$3" prio "$4"
}

# Start from a clean slate. tc reports an error here when no root qdisc exists
# yet; the script has no "set -e", so it simply carries on.
tc qdisc del dev "$OUTIF" root
tc qdisc add dev "$OUTIF" root handle 1: htb default 14
tc class add dev "$OUTIF" parent 1: classid 1:1 htb rate "$CEIL" ceil "$CEIL"

# Leaf classes: guaranteed rate, ceiling it may borrow up to, and priority.
add_out_class 10 80kbit 80kbit 0
add_out_class 11 80kbit "$CEIL" 1
add_out_class 12 20kbit "$CEIL" 2
add_out_class 13 20kbit "$CEIL" 2
add_out_class 14 10kbit "$CEIL" 3
add_out_class 15 30kbit "$ROUTED_CIEL" 3

# One SFQ per leaf (handle = leaf minor followed by 0, e.g. 1:10 -> 100:).
for leaf in 10 11 12 13 14 15; do
  tc qdisc add dev "$OUTIF" parent "1:$leaf" handle "${leaf}0:" sfq perturb 10
done

echo "Adding Filters..."

# Marks 1-4 map onto leaves 1:10-1:13, with filter prio equal to the mark.
for mark in 1 2 3 4; do
  tc filter add dev "$OUTIF" parent 1:0 protocol ip prio "$mark" handle "$mark" fw flowid "1:$((mark + 9))"
done

# NOTE(review): this matches the LAN source range on the *external* interface.
# If this host source-NATs LAN traffic leaving $OUTIF, the address has already
# been rewritten by the time the packet reaches this qdisc and the match will
# not fire - confirm against the NAT configuration.
tc filter add dev "$OUTIF" parent 1:0 protocol ip prio 5 u32 match ip src 192.168.0.0/24 flowid 1:15
tc filter add dev "$OUTIF" parent 1:0 protocol ip prio 6 handle 5 fw flowid 1:14
tc filter add dev "$OUTIF" parent 1:0 protocol ip prio 7 handle 6 fw flowid 1:15
# ---------------------------------------------------------------------------
# Shaping on the internal interface.
#
# Two leaves under 1:1:
#   1:10 - packets whose source is in 192.168.0.0/24, allowed the full link rate
#   1:11 - everything else, held to ITHRU
# Presumably 1:11 is the download path from the outside world towards LAN
# hosts - confirm against the topology.
# ---------------------------------------------------------------------------

# Link rate of the internal interface.
ICIEL=1gbit
# Rate granted to traffic that did not originate on the LAN.
ITHRU=6400kbit
# Internal interface.
INTIF=enp3s0

# Start from a clean slate. tc reports an error here when no root qdisc exists
# yet; the script has no "set -e", so it simply carries on.
tc qdisc del dev "$INTIF" root
tc qdisc add dev "$INTIF" root handle 1: htb default 10
tc class add dev "$INTIF" parent 1: classid 1:1 htb rate "$ICIEL" ceil "$ICIEL"
tc class add dev "$INTIF" parent 1:1 classid 1:10 htb rate "$ICIEL" ceil "$ICIEL" prio 0
# No explicit ceil: HTB then uses the rate as the ceiling, so 1:11 cannot
# borrow above ITHRU.
tc class add dev "$INTIF" parent 1:1 classid 1:11 htb rate "$ITHRU" prio 1

for leaf in 10 11; do
  tc qdisc add dev "$INTIF" parent "1:$leaf" handle "${leaf}0:" sfq perturb 10
done

# Both filters share prio 1. The second is a catch-all (dst 0.0.0.0/0), so the
# result depends on the LAN-source match being tried first - presumably it is,
# since it is added first; verify with "tc filter show dev $INTIF".
# Filters are "protocol ip" only: non-IPv4 traffic falls to the default, 1:10.
tc filter add dev "$INTIF" parent 1:0 protocol ip prio 1 u32 match ip src 192.168.0.0/24 flowid 1:10
tc filter add dev "$INTIF" parent 1:0 protocol ip prio 1 u32 match ip dst 0.0.0.0/0 flowid 1:11
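# ---------------------------------------------------------------------------
# Packet marking (iptables mangle/POSTROUTING).
#
# Each MARK rule is followed by an ACCEPT with the same match, so the first
# rule pair that matches decides the mark and later pairs are not consulted.
# The marks are consumed by the "fw" filters on $OUTIF:
#   1 -> 1:10   3 -> 1:12   4 -> 1:13   5 -> 1:14   6 -> 1:15
#
# Things to keep in mind when changing this section:
#  * The flush below removes every rule in mangle/POSTROUTING, including any
#    that another tool put there.
#  * TOS bits are chosen by the sender. Any host whose packets traverse this
#    chain can set Minimize-Delay and be placed in the prio-0 class. That class
#    is capped at 80kbit by the HTB setup, which bounds the bandwidth it can
#    take but not its ability to crowd out the ICMP, SYN and SSH traffic that
#    shares the class.
#  * Only IPv4 is handled (iptables, not ip6tables).
# ---------------------------------------------------------------------------

# IPv4 address of the external interface, scraped from ifconfig output. The
# sed strips an "addr:" style prefix used by older ifconfig versions.
EXTIP=$(/bin/ifconfig "$OUTIF" | grep 'inet ' | awk '{print $2}' | sed -e 's/.*://')

iptables -t mangle -F POSTROUTING

# ICMP -> mark 1.
iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -p icmp -j ACCEPT

# Sender-requested low latency -> mark 1 (see the TOS caveat above).
iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Delay -j ACCEPT

# Sender-requested low cost -> mark 5.
iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 5
iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Cost -j ACCEPT

# Per-host classification of TCP by LAN source address.
iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.80 -j MARK --set-mark 4
iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.80 -j ACCEPT
iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.57 -j MARK --set-mark 3
iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.57 -j ACCEPT

# TCP sourced from the external address itself -> mark 5.
# The address comes from parsing tool output, so check it before handing it to
# iptables: an empty value or more than one address would otherwise expand
# into a malformed command line. On failure the two rules are skipped and the
# affected packets fall through to the rules below.
case "$EXTIP" in
  '' | *[!0-9.]*)
    echo "FLOW: could not determine a single IPv4 address for $OUTIF; skipping rules for locally sourced TCP" >&2
    ;;
  *)
    iptables -t mangle -A POSTROUTING -p tcp -s "$EXTIP" -j MARK --set-mark 5
    iptables -t mangle -A POSTROUTING -p tcp -s "$EXTIP" -j ACCEPT
    ;;
esac

# Sender-requested bulk throughput -> mark 6.
iptables -t mangle -A POSTROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 6
iptables -t mangle -A POSTROUTING -m tos --tos Maximize-Throughput -j ACCEPT

# SSH in either direction -> mark 1. Because the per-host and EXTIP pairs above
# end in ACCEPT, SSH from those sources never reaches these rules.
iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j ACCEPT
iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j ACCEPT

# Connection-opening SYNs (SYN set, RST and ACK clear) -> mark 1. These are
# inserted (-I) at positions 1 and 2, so they are evaluated before every rule
# appended above, whatever the source or TOS.
iptables -t mangle -I POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 1
iptables -t mangle -I POSTROUTING 2 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT

# Everything not classified above -> mark 6.
iptables -t mangle -A POSTROUTING -j MARK --set-mark 6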