Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/env bash
#
# Script to rate limit port 443
#
#network interface on which to limit traffic
IF="bond0"
#limit of the network interface in question
LINKCEIL="10gbit"
#limit outbound https protocol traffic to this rate
LIMIT="100mbit"
# Net or nets.. Space separated list.
# Can use "/32" for single IP addresses.
NETS=( 10.199.1.121/32 10.199.1.122/32 10.199.1.123/32 )
#delete existing rules
tc qdisc del dev ${IF} root
#add root class
tc qdisc add dev ${IF} root handle 1: htb default 10
#add parent class
tc class add dev ${IF} parent 1: classid 1:1 htb rate ${LINKCEIL} ceil ${LINKCEIL}
#add our two classes. one unlimited, another limited
tc class add dev ${IF} parent 1:1 classid 1:10 htb rate ${LINKCEIL} ceil ${LINKCEIL} prio 0
tc class add dev ${IF} parent 1:1 classid 1:11 htb rate ${LIMIT} ceil ${LIMIT} prio 1
#add handles to our classes so packets marked with <x> go into the class with "... handle <x> fw ..."
tc filter add dev ${IF} parent 1: protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev ${IF} parent 1: protocol ip prio 2 handle 2 fw classid 1:11
for net in ${NETS[@]};
do
#limit outgoing traffic to port 443. but not when dealing with a host on the local network
# --set-mark marks packages matching these criteria with the number "2"
# these packages are filtered by the tc filter with "handle 2"
# this filter sends the packages into the 1:11 class, and this class is limited to ${LIMIT}
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 443 ! -d ${net} -j MARK --set-mark 0x2
done
tc -s qdisc ls dev ${IF}
## for testing uncomment these lines...
# wait 2 min
## sleep 120
#delete existing rules
## tc qdisc del dev ${IF} root
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.