-
-
Save pfactum/eaf929e0b4d2e81db4fe to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ### BEGIN INIT INFO | |
| # Provides: shaper2 | |
| # Required-Start: | |
| # Required-Stop: | |
| # Should-Start: | |
| # Default-Start: S | |
| # Default-Stop: | |
| ### END INIT INFO | |
| self="/etc/init.d/shaper2" | |
| ext_if_down="ifb0" | |
| ext_if_up="eth2" | |
| int_if="br0" | |
| max_download="18500kbit" | |
| max_upload="18500kbit" | |
| set -e | |
| case "$1" in | |
| start) | |
| ## internal interface policing | |
| tc qdisc add dev $int_if root codel | |
| ## bringing ifb device up | |
| ip link set dev $ext_if_down up | |
| ## egress mirroring | |
| tc qdisc add dev $ext_if_up handle ffff: ingress | |
| tc filter add dev $ext_if_up parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $ext_if_down | |
| ## downlink shaping | |
| # pipes | |
| tc qdisc add dev $ext_if_down root handle 1: htb default 99 | |
| tc class add dev $ext_if_down parent 1: classid 1:1 htb rate $max_download burst 10k | |
| tc class add dev $ext_if_down parent 1:1 classid 1:11 htb rate 10kbit ceil $max_download burst 10k prio 1 | |
| tc class add dev $ext_if_down parent 1:1 classid 1:12 htb rate 384kbit ceil $max_download burst 10k prio 2 | |
| tc class add dev $ext_if_down parent 1:1 classid 1:13 htb rate 10kbit ceil $max_download burst 10k prio 3 | |
| tc class add dev $ext_if_down parent 1:1 classid 1:14 htb rate 10kbit ceil $max_download burst 10k prio 4 | |
| tc class add dev $ext_if_down parent 1:1 classid 1:99 htb rate 10kbit ceil $max_download prio 10 | |
| tc qdisc add dev $ext_if_down parent 1:11 handle 11: sfq perturb 10 | |
| tc qdisc add dev $ext_if_down parent 1:12 handle 12: sfq perturb 10 | |
| tc qdisc add dev $ext_if_down parent 1:13 handle 13: sfq perturb 10 | |
| tc qdisc add dev $ext_if_down parent 1:14 handle 14: sfq perturb 10 | |
| tc qdisc add dev $ext_if_down parent 1:99 handle 99: sfq perturb 10 | |
| # filters | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 1 u32 match ip protocol 1 0xff flowid 1:11 # icmp | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 1 u32 match ip sport 22 0xffff flowid 1:11 # ssh | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 1 u32 match ip sport 23 0xffff flowid 1:11 # telnet | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 1 u32 match ip sport 123 0xffff flowid 1:11 # ntp | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 2 u32 match ip sport 5060 0xffff flowid 1:12 # sip signalling | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 2 u32 match ip tos 0x60 0xfc flowid 1:12 # sip qos | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 2 u32 match ip tos 0xb8 0xfc flowid 1:12 # rtp qos | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 53 0xffff flowid 1:13 # dns | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 25 0xffff flowid 1:13 # smtp | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 110 0xffff flowid 1:13 # pop3 | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 587 0xffff flowid 1:13 # smtps | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 995 0xffff flowid 1:13 # pop3s | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 143 0xffff flowid 1:13 # imap | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 993 0xffff flowid 1:13 # imaps | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 5222 0xffff flowid 1:13 # xmpp | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 5223 0xffff flowid 1:13 # xmpps | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 1194 0xffff flowid 1:13 # openvpn | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 500 0xffff flowid 1:13 # racoon | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 4500 0xffff flowid 1:13 # racoon | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 5900 0xffff flowid 1:13 # vnc | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 3 u32 match ip sport 3389 0xffff flowid 1:13 # rdp | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 4 u32 match ip sport 80 0xffff flowid 1:14 # http | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 4 u32 match ip sport 443 0xffff flowid 1:14 # https | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 4 u32 match ip sport 20 0xffff flowid 1:14 # ftp | |
| tc filter add dev $ext_if_down protocol ip parent 1: prio 4 u32 match ip sport 21 0xffff flowid 1:14 # ftp | |
| ## uplink shaping | |
| # pipes | |
| tc qdisc add dev $ext_if_up root handle 1: htb default 99 | |
| tc class add dev $ext_if_up parent 1: classid 1:1 htb rate $max_upload burst 10k | |
| tc class add dev $ext_if_up parent 1:1 classid 1:11 htb rate 10kbit ceil $max_upload burst 10k prio 1 | |
| tc class add dev $ext_if_up parent 1:1 classid 1:12 htb rate 384kbit ceil $max_upload burst 10k prio 2 | |
| tc class add dev $ext_if_up parent 1:1 classid 1:13 htb rate 10kbit ceil $max_upload burst 10k prio 3 | |
| tc class add dev $ext_if_up parent 1:1 classid 1:14 htb rate 10kbit ceil $max_upload burst 10k prio 4 | |
| tc class add dev $ext_if_up parent 1:1 classid 1:99 htb rate 10kbit ceil $max_upload prio 10 | |
| tc qdisc add dev $ext_if_up parent 1:11 handle 11: sfq perturb 10 | |
| tc qdisc add dev $ext_if_up parent 1:12 handle 12: sfq perturb 10 | |
| tc qdisc add dev $ext_if_up parent 1:13 handle 13: sfq perturb 10 | |
| tc qdisc add dev $ext_if_up parent 1:14 handle 14: sfq perturb 10 | |
| tc qdisc add dev $ext_if_up parent 1:99 handle 99: sfq perturb 10 | |
| # filters | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 1 u32 match ip protocol 1 0xff flowid 1:11 # icmp | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 1 u32 match ip dport 22 0xffff flowid 1:11 # ssh | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 1 u32 match ip dport 23 0xffff flowid 1:11 # telnet | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 1 u32 match ip dport 123 0xffff flowid 1:11 # ntp | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 2 u32 match ip dport 5060 0xffff flowid 1:12 # sip signalling | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 2 u32 match ip tos 0x60 0xfc flowid 1:12 # sip qos | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 2 u32 match ip tos 0xb8 0xfc flowid 1:12 # rtp qos | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 53 0xffff flowid 1:13 # dns | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 25 0xffff flowid 1:13 # smtp | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 110 0xffff flowid 1:13 # pop3 | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 587 0xffff flowid 1:13 # smtps | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 995 0xffff flowid 1:13 # pop3s | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 143 0xffff flowid 1:13 # imap | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 993 0xffff flowid 1:13 # imaps | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 5222 0xffff flowid 1:13 # xmpp | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 5223 0xffff flowid 1:13 # xmpps | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 1194 0xffff flowid 1:13 # openvpn | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 500 0xffff flowid 1:13 # racoon | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 4500 0xffff flowid 1:13 # racoon | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 5900 0xffff flowid 1:13 # vnc | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 3 u32 match ip dport 3389 0xffff flowid 1:13 # rdp | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 4 u32 match ip dport 80 0xffff flowid 1:14 # http | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 4 u32 match ip dport 443 0xffff flowid 1:14 # https | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 4 u32 match ip dport 20 0xffff flowid 1:14 # ftp | |
| tc filter add dev $ext_if_up protocol ip parent 1: prio 4 u32 match ip dport 21 0xffff flowid 1:14 # ftp | |
| ;; | |
| stop) | |
| tc qdisc del dev $ext_if_up handle ffff: ingress | |
| tc qdisc del dev $ext_if_up root | |
| tc qdisc del dev $ext_if_down root | |
| ip link set dev $ext_if_down down | |
| tc qdisc del dev $int_if root | |
| ;; | |
| restart) | |
| $self stop | |
| $self start | |
| ;; | |
| *) | |
| echo 'Usage: /etc/init.d/shaper2 {start|stop|restart}' | |
| exit 1 | |
| ;; | |
| esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment