限流脚本
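#!/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
#
# Shapes egress traffic on $DEV with an HTB tree and polices ingress traffic
# coming from the subnets listed in LIMITED_SUBNETS.
#
# Usage: <script> (start|stop|restart|status)
#
# Operational notes:
#   * Changing qdiscs needs root (or CAP_NET_ADMIN); without it every tc
#     call fails and no limit is applied.
#   * All filters use "protocol ip", so only IPv4 is classified or policed.
#     IPv6 traffic, and IPv4 traffic from sources not listed in
#     LIMITED_SUBNETS, passes the ingress hook unpoliced.
#   * "stop" deletes whatever root and ingress qdiscs are attached to $DEV,
#     not only the ones installed by this script.

# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=4000
UPLINK=20000
DEV=eth0

# Minor id of the HTB class that receives unclassified egress traffic.
# 0 (the value this script has always used) means unclassified packets
# bypass HTB and are NOT shaped; class 1:20 below is then never used.
# Set to 20 to send bulk traffic through class 1:20 as the class layout
# intends.
DEFAULT_CLASS=0

# Source networks whose inbound traffic is policed to $DOWNLINK kbit.
# This is the key rate-limiting list: add one entry per network to limit.
# Entries are passed to tc unchanged; tc is expected to apply the prefix
# mask, so 10.122.13.10/24 covers 10.122.13.0/24 -- confirm with
# "tc filter show dev $DEV parent ffff:".
LIMITED_SUBNETS=(
  10.122.13.10/24
  10.122.14.10/24
)

# Colour codes are cosmetic; fall back to plain text when tput cannot
# resolve the terminal (cron, systemd units, TERM unset).
red=$(tput setaf 1 2>/dev/null) || red=''
reset=$(tput sgr0 2>/dev/null) || reset=''

#######################################
# Print the qdiscs on $DEV together with their statistics.
# Globals:  DEV (read)
# Outputs:  tc output on stdout
#######################################
_check() {
  tc -s qdisc ls dev "$DEV"
}

#######################################
# Report whether this script's qdiscs are installed on $DEV.
# The check looks for the HTB root (handle 1:) or the ingress qdisc
# (handle ffff:) instead of the absence of pfifo_fast: the default qdisc
# differs between systems and multi-queue NICs list several leaf qdiscs,
# either of which made the old string comparison report a limit that
# was not there.
# Globals:  DEV, red, reset (read)
# Outputs:  status line and qdisc statistics on stdout
#######################################
status() {
  if tc qdisc ls dev "$DEV" | grep -Eq '^qdisc (htb 1:|ingress ffff:) '; then
    echo "${red} Bandwidth limit is on effect ${reset}"
  else
    echo "${red} Bandwidth limit is not on effect ${reset}"
  fi
  _check
}

#######################################
# Remove the root and ingress qdiscs from $DEV.
# Errors are discarded on purpose: deleting a qdisc that is not installed
# fails, and that is the normal case on a first start.
# Globals:  DEV (read)
# Returns:  always 0
#######################################
_stop() {
  tc qdisc del dev "$DEV" root >/dev/null 2>&1
  tc qdisc del dev "$DEV" ingress >/dev/null 2>&1
  return 0
}

#######################################
# Install the egress HTB tree and the ingress policers.
# Globals:  DEV, UPLINK, DOWNLINK, DEFAULT_CLASS, LIMITED_SUBNETS (read)
# Returns:  0 when every tc command succeeded, 1 at the first failure
#           (the caller is expected to roll back with _stop)
#######################################
_start() {
  local subnet

  ###### uplink

  # install root HTB; unclassified traffic goes to 1:$DEFAULT_CLASS
  tc qdisc add dev "$DEV" root handle 1: htb default "$DEFAULT_CLASS" || return 1

  # shape everything at $UPLINK speed - this prevents huge queues in your
  # DSL modem which destroy latency:
  tc class add dev "$DEV" parent 1: classid 1:1 htb \
    rate "${UPLINK}kbit" burst 6k || return 1

  # high prio class 1:10:
  tc class add dev "$DEV" parent 1:1 classid 1:10 htb \
    rate "${UPLINK}kbit" burst 6k prio 1 || return 1

  # bulk class 1:20 - gets slightly less traffic (90% of $UPLINK),
  # and a lower priority:
  tc class add dev "$DEV" parent 1:1 classid 1:20 htb \
    rate "$((9 * UPLINK / 10))kbit" burst 6k prio 2 || return 1

  # both get Stochastic Fairness:
  tc qdisc add dev "$DEV" parent 1:10 handle 10: sfq perturb 10 || return 1
  tc qdisc add dev "$DEV" parent 1:20 handle 20: sfq perturb 10 || return 1

  # TOS Minimum Delay (ssh, NOT scp) in 1:10:
  tc filter add dev "$DEV" parent 1:0 protocol ip prio 10 u32 \
    match ip tos 0x10 0xff flowid 1:10 || return 1

  # ICMP (ip protocol 1) in the interactive class 1:10 so we
  # can do measurements:
  tc filter add dev "$DEV" parent 1:0 protocol ip prio 10 u32 \
    match ip protocol 1 0xff flowid 1:10 || return 1

  # To speed up downloads while an upload is going on, put ACK packets in
  # the interactive class. The matches select TCP (protocol 6), a 20-byte
  # IP header (IHL 5), a total length below 64 bytes, and a TCP flags
  # byte equal to ACK only:
  tc filter add dev "$DEV" parent 1: protocol ip prio 10 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10 || return 1

  # Everything else is 'bulk': it lands in 1:20 only when DEFAULT_CLASS=20;
  # with DEFAULT_CLASS=0 it leaves unshaped.

  ########## downlink #############
  # slow downloads down to somewhat less than the real speed to prevent
  # queuing at our ISP. Tune to see how high you can set it.
  # ISPs tend to have *huge* queues to make sure big downloads are fast
  #
  # attach ingress policer:
  tc qdisc add dev "$DEV" handle ffff: ingress || return 1

  # Police inbound IPv4 traffic per listed source network and drop what
  # arrives too fast. Each filter carries its own police action, so the
  # $DOWNLINK budget appears to be per subnet rather than shared -- verify
  # with "tc -s filter show dev $DEV parent ffff:".
  for subnet in "${LIMITED_SUBNETS[@]}"; do
    tc filter add dev "$DEV" parent ffff: protocol ip prio 50 u32 \
      match ip src "$subnet" \
      police rate "${DOWNLINK}kbit" burst 10k drop flowid :1 || return 1
  done

  return 0
}

case "${1:-}" in
  status)
    status
    exit 0
    ;;
  stop)
    _stop
    echo "${red} Bandwidth limit has been stopped ${reset}"
    _check
    exit 0
    ;;
  start | restart)
    _stop
    if ! _start; then
      # Do not leave a half-built rule set behind and do not claim success:
      # a limit that silently failed to install is worse than a loud error.
      _stop
      echo "${red} Bandwidth limit could not be applied; partial rules were removed ${reset}" >&2
      _check
      exit 1
    fi
    echo "${red} Bandwidth limit has been started ${reset}"
    _check
    exit 0
    ;;
  *)
    # Unknown or missing action: report on stderr with a non-zero status so
    # wrappers can tell a usage error from success.
    printf 'Usage: %s (start|stop|restart|status)\n' "$0" >&2
    exit 2
    ;;
esac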