tc_outbound_https.sh

## tc_outbound_https.sh
#!/usr/bin/env bash
#

# Script to rate limit port 443
#
#network interface on which to limit traffic
IF="bond0"
#limit of the network interface in question
LINKCEIL="10gbit"
#limit outbound https protocol traffic to this rate
LIMIT="100mbit"
# Net or nets.. Space separated list.
# Can use "/32" for single IP addresses.
NETS=( 10.199.1.121/32 10.199.1.122/32 10.199.1.123/32 )

#delete existing rules
tc qdisc del dev ${IF} root

#add root class
tc qdisc add dev ${IF} root handle 1: htb default 10

#add parent class
tc class add dev ${IF} parent 1: classid 1:1 htb rate ${LINKCEIL} ceil ${LINKCEIL}

#add our two classes. one unlimited, another limited
tc class add dev ${IF} parent 1:1 classid 1:10 htb rate ${LINKCEIL} ceil ${LINKCEIL} prio 0
tc class add dev ${IF} parent 1:1 classid 1:11 htb rate ${LIMIT} ceil ${LIMIT} prio 1

#add handles to our classes so packets marked with <x> go into the class with "... handle <x> fw ..."
tc filter add dev ${IF} parent 1: protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev ${IF} parent 1: protocol ip prio 2 handle 2 fw classid 1:11


for net in ${NETS[@]};
  do
    #limit outgoing traffic to port 443. but not when dealing with a host on the local network
    #   --set-mark marks packages matching these criteria with the number "2"
    #   these packages are filtered by the tc filter with "handle 2"
    #   this filter sends the packages into the 1:11 class, and this class is limited to ${LIMIT}
    iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 443 ! -d ${net} -j MARK --set-mark 0x2
  done

tc -s qdisc ls dev ${IF}

## for testing uncomment these lines...
# wait 2 min
## sleep 120
#delete existing rules
## tc qdisc del dev ${IF} root
	#!/usr/bin/env bash
	#

	# Script to rate limit port 443
	#
	#network interface on which to limit traffic
	IF="bond0"
	#limit of the network interface in question
	LINKCEIL="10gbit"
	#limit outbound https protocol traffic to this rate
	LIMIT="100mbit"
	# Net or nets.. Space separated list.
	# Can use "/32" for single IP addresses.
	NETS=( 10.199.1.121/32 10.199.1.122/32 10.199.1.123/32 )

	#delete existing rules
	tc qdisc del dev ${IF} root

	#add root class
	tc qdisc add dev ${IF} root handle 1: htb default 10

	#add parent class
	tc class add dev ${IF} parent 1: classid 1:1 htb rate ${LINKCEIL} ceil ${LINKCEIL}

	#add our two classes. one unlimited, another limited
	tc class add dev ${IF} parent 1:1 classid 1:10 htb rate ${LINKCEIL} ceil ${LINKCEIL} prio 0
	tc class add dev ${IF} parent 1:1 classid 1:11 htb rate ${LIMIT} ceil ${LIMIT} prio 1

	#add handles to our classes so packets marked with <x> go into the class with "... handle <x> fw ..."
	tc filter add dev ${IF} parent 1: protocol ip prio 1 handle 1 fw classid 1:10
	tc filter add dev ${IF} parent 1: protocol ip prio 2 handle 2 fw classid 1:11



	for net in ${NETS[@]};
	do
	#limit outgoing traffic to port 443. but not when dealing with a host on the local network
	# --set-mark marks packages matching these criteria with the number "2"
	# these packages are filtered by the tc filter with "handle 2"
	# this filter sends the packages into the 1:11 class, and this class is limited to ${LIMIT}
	iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 443 ! -d ${net} -j MARK --set-mark 0x2
	done

	tc -s qdisc ls dev ${IF}

	## for testing uncomment these lines...
	# wait 2 min
	## sleep 120
	#delete existing rules
	## tc qdisc del dev ${IF} root