QoS Ubuntu Script
#!/bin/bash
# Diego García Gonzalez (diegargon) diego@envigo.net
# v1.0
### BEGIN INIT INFO
# Provides: myQoS
# Required-Start: networking, myFirewall
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and Stop
# Description:
### END INIT INFO
#CONFIG START
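# Runtime switches.
DEBUG=0          # 1 = print the tc/iptables commands instead of executing them
FLUSH_MANGLE=1   # 1 = clear_qos flushes the whole mangle table (also drops rules added by other tools)
RULE_RETURN=1    # 1 = add a RETURN after each MARK so a packet keeps the first mark it receives

# Link rates, in UNIT. Only egress on EXT_IF is shaped by this script, so
# DOWN_SPEED and INT_IF are declared for reference but never used below.
DOWN_SPEED=1600  # author's note: 200mb; not referenced anywhere in this script
UP_SPEED=152     # author's note: 19mb
# mbit kbit
UNIT=mbit
EXT_IF=enp1s10   # interface whose outbound traffic is shaped
INT_IF=enp1s8    # not referenced anywhere in this script

if [[ "$DEBUG" == 1 ]]; then
  echo "********* ALERT: QoS in debug mode, rules not active *********"
  IPTABLES="echo"
  TC="echo"
else
  # `command -v` instead of `which`: builtin, portable, and a clear non-zero
  # status when the tool is missing. Warn loudly instead of leaving the
  # variable empty, which would otherwise surface later as
  # "qdisc: command not found".
  TC=$(command -v tc) || echo "WARNING: tc not found in PATH; QoS rules cannot be applied" >&2
  IPTABLES=$(command -v iptables) || echo "WARNING: iptables not found in PATH; mangle rules cannot be applied" >&2
fi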
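#######################################
# Remove the QoS state this script created on EXT_IF.
# Globals:   FLUSH_MANGLE, IPTABLES, TC, EXT_IF (read)
# Outputs:   progress messages to stdout
# Returns:   status of the last tc/iptables command, 0 when there was nothing to do
#######################################
clear_qos() {
  local current_classes
  if [[ "$FLUSH_MANGLE" == 1 ]]; then
    # Flushes every rule in the mangle table, not only the ones add_rules
    # installed; anything another tool put there is lost as well.
    echo "Flushing mangle..."
    $IPTABLES -F -t mangle
  fi
  # No class output means no shaper is installed on the interface.
  current_classes=$($TC -s class show dev "$EXT_IF")
  if [[ -n "$current_classes" ]]; then
    echo "Cleaning QoS rules"
    # Deleting the root qdisc takes all classes and filters under it with it.
    $TC qdisc del dev "$EXT_IF" root
  fi
}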
#######################################
# Steer packets into HTB classes by firewall mark: mark N is matched with
# filter priority N and sent to class 1:(9+N), i.e. 1 -> 1:10 ... 4 -> 1:13.
# Marks 5 and 6 (classes 1:14, 1:15) are intentionally not installed, which
# matches the classes do_start creates.
# Globals:   TC, EXT_IF (read)
# Returns:   always 0
#######################################
classify() {
  local mark
  for mark in 1 2 3 4; do
    $TC filter add dev "$EXT_IF" parent 1:0 protocol ip prio "$mark" handle "$mark" fw classid "1:$((mark + 9))"
  done
  return 0
}
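#######################################
# Append one MARK rule per match spec, then (when RULE_RETURN=1) one RETURN
# rule per match spec, keeping the original "all marks, then all returns"
# order within a group.
# Globals:   IPTABLES, RULE_RETURN (read)
# Arguments: $1    - mark value, e.g. 0x1
#            $2... - "CHAIN match-args" specs, e.g. "OUTPUT -p icmp"
#######################################
_qos_mark_group() {
  local mark=$1; shift
  local spec
  for spec in "$@"; do
    # shellcheck disable=SC2086 -- specs are static, space-separated iptables arguments
    "$IPTABLES" -t mangle -A $spec -j MARK --set-mark "$mark"
  done
  [[ "$RULE_RETURN" == 1 ]] || return 0
  for spec in "$@"; do
    # shellcheck disable=SC2086 -- see above
    "$IPTABLES" -t mangle -A $spec -j RETURN
  done
}

#######################################
# Like _qos_mark_group but inserts at the head of each chain so the rules are
# evaluated before everything appended earlier. `-I` without a rule number
# inserts at position 1, so the RETURN is inserted first and the MARK second;
# the chain then reads MARK, RETURN. (Inserting them in the written order
# would leave RETURN ahead of MARK and the packet would leave unmarked.)
# Globals:   IPTABLES, RULE_RETURN (read)
# Arguments: $1    - mark value
#            $2... - "CHAIN match-args" specs
#######################################
_qos_mark_group_head() {
  local mark=$1; shift
  local spec
  for spec in "$@"; do
    if [[ "$RULE_RETURN" == 1 ]]; then
      # shellcheck disable=SC2086 -- static specs, see _qos_mark_group
      "$IPTABLES" -t mangle -I $spec -j RETURN
    fi
    # shellcheck disable=SC2086
    "$IPTABLES" -t mangle -I $spec -j MARK --set-mark "$mark"
  done
}

#######################################
# Install the mangle-table marks that classify() maps onto HTB classes:
# 0x1 -> 1:10 (interactive), 0x2 -> 1:11 (web), 0x3 -> 1:12 (mail),
# 0x4 -> 1:13 (bulk / default). PREROUTING covers forwarded traffic,
# OUTPUT covers traffic generated by this host.
# Globals:   IPTABLES, RULE_RETURN (read via the helpers)
#######################################
add_rules() {
  ### TOS
  # The TOS byte is set by the sender, so any host behind this box can
  # request Minimize-Delay and land in the top class; this trusts the LAN
  # rather than enforcing anything.
  _qos_mark_group 0x1 "PREROUTING -m tos --tos Minimize-Delay" "OUTPUT -m tos --tos Minimize-Delay"
  _qos_mark_group 0x2 "PREROUTING -m tos --tos Minimize-Cost" "OUTPUT -m tos --tos Minimize-Cost"
  _qos_mark_group 0x4 "PREROUTING -m tos --tos Maximize-Throughput" "OUTPUT -m tos --tos Maximize-Throughput"
  ### ICMP
  _qos_mark_group 0x1 "PREROUTING -p icmp" "OUTPUT -p icmp"
  ### SSH
  _qos_mark_group 0x1 \
    "PREROUTING -p tcp -m tcp --dport 22" \
    "OUTPUT -p tcp -m tcp --sport 22" \
    "OUTPUT -p tcp -m tcp --dport 22"
  ### SYN (handshakes) - inserted at the head of the chain so they win over the appended rules
  _qos_mark_group_head 0x1 \
    "PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN" \
    "OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN"
  ### WEB Traffic
  # PREROUTING dport = internal clients browsing; OUTPUT dport = this host
  # browsing; OUTPUT sport = this host serving. The sport 80 RETURN was
  # previously a duplicate of the sport 443 one, leaving port-80 replies
  # without a RETURN.
  _qos_mark_group 0x2 \
    "PREROUTING -p tcp -m tcp --dport 443" \
    "PREROUTING -p tcp -m tcp --dport 80" \
    "OUTPUT -p tcp -m tcp --dport 443" \
    "OUTPUT -p tcp -m tcp --dport 80" \
    "OUTPUT -p tcp -m tcp --sport 443" \
    "OUTPUT -p tcp -m tcp --sport 80"
  ### DNS SERVER TCP
  _qos_mark_group 0x1 "PREROUTING -p tcp -m tcp --dport 53" "OUTPUT -p tcp -m tcp --dport 53"
  ### ALL UDP, include DNS
  # Every UDP flow shares the top class with SSH/DNS/ICMP; a bulk UDP
  # stream from the LAN competes there on equal terms.
  _qos_mark_group 0x1 "PREROUTING -p udp" "OUTPUT -p udp"
  ### Other Server Services to #3
  # Mail
  _qos_mark_group 0x3 \
    "OUTPUT -p tcp -m tcp --sport 25" \
    "OUTPUT -p tcp -m tcp --sport 110" \
    "OUTPUT -p tcp -m tcp --sport 587" \
    "OUTPUT -p tcp -m tcp --sport 993" \
    "OUTPUT -p tcp -m tcp --sport 995"
}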
#######################################
# Build the egress shaper on EXT_IF: an HTB root whose unmarked traffic goes
# to 1:13, a parent class at the full uplink rate, four leaf classes each
# guaranteed a quarter of it (ceil = full rate) with prio 0..3, SFQ on the
# three lower leaves (1:10 has no SFQ attached), then the fw filters and the
# mangle marks. Classes 1:14/1:15 are deliberately not created.
# Globals:   TC, EXT_IF, UP_SPEED, UNIT (read)
# Returns:   always 0 (tc errors such as an already-present root are not checked)
#######################################
do_start() {
  local idx
  local full_rate="${UP_SPEED}${UNIT}"
  local leaf_rate="$(( UP_SPEED / 4 ))${UNIT}"
  $TC qdisc add dev "$EXT_IF" root handle 1: htb default 13
  $TC class add dev "$EXT_IF" parent 1: classid 1:1 htb rate "$full_rate" ceil "$full_rate"
  for idx in 0 1 2 3; do
    $TC class add dev "$EXT_IF" parent 1:1 classid "1:1${idx}" htb rate "$leaf_rate" ceil "$full_rate" prio "$idx"
  done
  # Fair queuing per leaf; perturb is the hash re-keying interval in seconds.
  for idx in 1 2 3; do
    $TC qdisc add dev "$EXT_IF" parent "1:1${idx}" handle "1${idx}0:" sfq perturb 10
  done
  classify
  add_rules
  return 0
}
#######################################
# Tear the shaper down. The status of clear_qos is deliberately not
# propagated; stopping always reports success.
# Returns:   always 0
#######################################
do_stop() {
  clear_qos
  return 0
}
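# Init-script entry point: dispatch on the single verb given on the command line.
case "$1" in
  start)
    do_start
    ;;
  stop)
    do_stop
    ;;
  restart)
    do_stop
    do_start
    ;;
  status)
    # Stub: reports success without inspecting the qdisc or the mangle rules,
    # so a monitor calling this cannot tell whether shaping is really active.
    # TODO(review): check the tc qdisc listing for the htb root before exiting 0.
    exit 0
    ;;
  *)
    # Usage errors go to stderr and exit non-zero so init and monitoring
    # notice a typo instead of treating it as success.
    echo "Usage: /etc/init.d/QoS {start|stop|restart|status}" >&2
    exit 2
    ;;
esac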