iptables+tc 限制每个ip的带宽
2010-12-15 22:42
#!/bin/bash
# GREEN_DEV: labelled the "OUTdoor" interface; start() shapes it at DOWNRATE.
GREEN_DEV='eth1'
# RED_DEV: labelled the "INdoor" interface; start() shapes it at UPRATE.
RED_DEV='eth0'
# Per-IP upload cap, in kbit/s as passed to tc (2000 kbit/s = 250 kB/s).
UPRATE='2000'
# Per-IP download cap, in kbit/s as passed to tc (640 kbit/s = 80 kB/s).
DOWNRATE='640'
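#######################################
# Rebuild the HTB shaping tree on both devices and add one rate-limited
# class, SFQ leaf and u32 filter per host for 192.168.1.5 .. 192.168.1.25.
# Globals:   GREEN_DEV, RED_DEV, UPRATE, DOWNRATE (read)
# Arguments: none
# Returns:   0 if every "tc ... add" succeeded, 1 if any of them failed
#######################################
start() {
  local rc=0
  local i

  # Remove any previous root/ingress qdiscs. These deletes fail when nothing
  # is installed yet, so their output is discarded and their status ignored.
  tc qdisc del dev "$RED_DEV" root >/dev/null 2>&1
  tc qdisc del dev "$GREEN_DEV" root >/dev/null 2>&1
  tc qdisc del dev "$RED_DEV" ingress >/dev/null 2>&1
  tc qdisc del dev "$GREEN_DEV" ingress >/dev/null 2>&1

  # NOTE(review): the root htb qdiscs are created without a "default" class
  # and the filters below match only IPv4 packets addressed to .5-.25, so any
  # other host or protocol is not placed in a limited class. Confirm that
  # leaving that traffic uncapped is intended.
  tc qdisc add dev "$GREEN_DEV" root handle 2: htb || rc=1
  tc qdisc add dev "$RED_DEV" root handle 2: htb || rc=1

  # NOTE(review): parent class 2:1 is 256kbit while each child below asks for
  # DOWNRATE/UPRATE, which exceed it with the values set in this file. Verify.
  tc class add dev "$GREEN_DEV" parent 2: classid 2:1 htb rate 256kbit || rc=1
  tc class add dev "$RED_DEV" parent 2: classid 2:1 htb rate 256kbit || rc=1

  for ((i = 5; i <= 25; i++)); do
    tc class add dev "$GREEN_DEV" parent 2:1 classid "2:2${i}" htb \
      rate "${DOWNRATE}kbit" ceil "${DOWNRATE}kbit" burst 15k || rc=1
    tc class add dev "$RED_DEV" parent 2:1 classid "2:2${i}" htb \
      rate "${UPRATE}kbit" ceil "${UPRATE}kbit" burst 15k || rc=1
    tc qdisc add dev "$GREEN_DEV" parent "2:2${i}" handle "2${i}:" sfq || rc=1
    tc qdisc add dev "$RED_DEV" parent "2:2${i}" handle "2${i}:" sfq || rc=1
    # NOTE(review): both devices classify on the destination address. On the
    # device that carries traffic away from 192.168.1.x, those hosts would
    # presumably appear as the source (or as a NAT address), so that filter
    # may never match. Verify with "tc -s class show" before relying on the cap.
    tc filter add dev "$GREEN_DEV" parent 2:0 protocol ip prio 1 u32 \
      match ip dst "192.168.1.${i}" flowid "2:2${i}" || rc=1
    tc filter add dev "$RED_DEV" parent 2:0 protocol ip prio 1 u32 \
      match ip dst "192.168.1.${i}" flowid "2:2${i}" || rc=1
  done

  return "$rc"
}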
#######################################
# Remove the root qdisc from both devices, which drops the whole shaping tree.
# Globals:   RED_DEV, GREEN_DEV (read)
# Returns:   status of the last delete (the GREEN_DEV one)
#######################################
stop() {
  local dev
  # tc output and errors are discarded here; nothing is written to a log file.
  for dev in "$RED_DEV" "$GREEN_DEV"; do
    tc qdisc del dev "$dev" root >/dev/null 2>&1
  done
}
#######################################
# Print the qdisc statistics and class list of RED_DEV (labelled upload),
# then of GREEN_DEV (labelled download).
# Globals:   RED_DEV, GREEN_DEV (read)
# Outputs:   headings and tc output on stdout
#######################################
status() {
  printf '%s\n' "Show qdisc $RED_DEV (Display Upload queue):"
  tc -s qdisc show dev "$RED_DEV"
  printf '%s\n' "Show class $RED_DEV (Display Upload class):"
  tc class show dev "$RED_DEV"

  printf '%s\n' "*********************************UP/DOWN*********************************"

  printf '%s\n' "Show qdisc $GREEN_DEV (Display Download queue):"
  tc -s qdisc show dev "$GREEN_DEV"
  printf '%s\n' "Show class $GREEN_DEV (Display Download class):"
  tc class show dev "$GREEN_DEV"
}
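#######################################
# Print the command-line help.
# Outputs:   usage text on stdout
#######################################
usage() {
  local prog
  # Quote $0 so a script path containing spaces still yields one name.
  prog=$(basename -- "$0")
  printf '%s\n' \
    "(usage): ${prog} [start | stop | restart | status]" \
    "" \
    "Argument: functions:" \
    "start start traffic-control" \
    "stop stop traffic-control" \
    "restart restart traffic-control" \
    "status show detail of traffic"
}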
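# Argument handling. Only kernel releases whose first three bytes are "2.4"
# or "2.6" are accepted; any other release string is refused before tc runs.
kernel=$(uname -r | cut -b 1-3)
case "$kernel" in
  2.4 | 2.6)
    case "${1:-}" in
      start)
        # Report failure through the exit status, not only through the message.
        if start; then
          echo "TC started!"
          exit 0
        fi
        echo "Error." >&2
        exit 1
        ;;
      stop)
        if stop; then
          echo "TC stopped!"
          exit 0
        fi
        echo "Error." >&2
        exit 1
        ;;
      restart)
        # start() deletes the existing qdiscs itself, so restart is a start.
        if start; then
          echo "TC restarted!"
          exit 0
        fi
        echo "Error." >&2
        exit 1
        ;;
      status)
        status
        ;;
      *)
        usage
        exit 1
        ;;
    esac
    ;;
  *)
    echo " (!) Error: Unsupported Kernel!" >&2
    exit 1
    ;;
esac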
# GREEN_DEV: labelled the "OUTdoor" interface; start() shapes it at DOWNRATE.
GREEN_DEV='eth1'
# RED_DEV: labelled the "INdoor" interface; start() shapes it at UPRATE.
RED_DEV='eth0'
# Per-IP upload cap, in kbit/s as passed to tc (2000 kbit/s = 250 kB/s).
UPRATE='2000'
# Per-IP download cap, in kbit/s as passed to tc (640 kbit/s = 80 kB/s).
DOWNRATE='640'
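#######################################
# Rebuild the HTB shaping tree on both devices and add one rate-limited
# class, SFQ leaf and u32 filter per host for 192.168.1.5 .. 192.168.1.25.
# Globals:   GREEN_DEV, RED_DEV, UPRATE, DOWNRATE (read)
# Arguments: none
# Returns:   0 if every "tc ... add" succeeded, 1 if any of them failed
#######################################
start() {
  local rc=0
  local i

  # Remove any previous root/ingress qdiscs. These deletes fail when nothing
  # is installed yet, so their output is discarded and their status ignored.
  tc qdisc del dev "$RED_DEV" root >/dev/null 2>&1
  tc qdisc del dev "$GREEN_DEV" root >/dev/null 2>&1
  tc qdisc del dev "$RED_DEV" ingress >/dev/null 2>&1
  tc qdisc del dev "$GREEN_DEV" ingress >/dev/null 2>&1

  # NOTE(review): the root htb qdiscs are created without a "default" class
  # and the filters below match only IPv4 packets addressed to .5-.25, so any
  # other host or protocol is not placed in a limited class. Confirm that
  # leaving that traffic uncapped is intended.
  tc qdisc add dev "$GREEN_DEV" root handle 2: htb || rc=1
  tc qdisc add dev "$RED_DEV" root handle 2: htb || rc=1

  # NOTE(review): parent class 2:1 is 256kbit while each child below asks for
  # DOWNRATE/UPRATE, which exceed it with the values set in this file. Verify.
  tc class add dev "$GREEN_DEV" parent 2: classid 2:1 htb rate 256kbit || rc=1
  tc class add dev "$RED_DEV" parent 2: classid 2:1 htb rate 256kbit || rc=1

  for ((i = 5; i <= 25; i++)); do
    tc class add dev "$GREEN_DEV" parent 2:1 classid "2:2${i}" htb \
      rate "${DOWNRATE}kbit" ceil "${DOWNRATE}kbit" burst 15k || rc=1
    tc class add dev "$RED_DEV" parent 2:1 classid "2:2${i}" htb \
      rate "${UPRATE}kbit" ceil "${UPRATE}kbit" burst 15k || rc=1
    tc qdisc add dev "$GREEN_DEV" parent "2:2${i}" handle "2${i}:" sfq || rc=1
    tc qdisc add dev "$RED_DEV" parent "2:2${i}" handle "2${i}:" sfq || rc=1
    # NOTE(review): both devices classify on the destination address. On the
    # device that carries traffic away from 192.168.1.x, those hosts would
    # presumably appear as the source (or as a NAT address), so that filter
    # may never match. Verify with "tc -s class show" before relying on the cap.
    tc filter add dev "$GREEN_DEV" parent 2:0 protocol ip prio 1 u32 \
      match ip dst "192.168.1.${i}" flowid "2:2${i}" || rc=1
    tc filter add dev "$RED_DEV" parent 2:0 protocol ip prio 1 u32 \
      match ip dst "192.168.1.${i}" flowid "2:2${i}" || rc=1
  done

  return "$rc"
}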
#######################################
# Remove the root qdisc from both devices, which drops the whole shaping tree.
# Globals:   RED_DEV, GREEN_DEV (read)
# Returns:   status of the last delete (the GREEN_DEV one)
#######################################
stop() {
  local dev
  # tc output and errors are discarded here; nothing is written to a log file.
  for dev in "$RED_DEV" "$GREEN_DEV"; do
    tc qdisc del dev "$dev" root >/dev/null 2>&1
  done
}
#######################################
# Print the qdisc statistics and class list of RED_DEV (labelled upload),
# then of GREEN_DEV (labelled download).
# Globals:   RED_DEV, GREEN_DEV (read)
# Outputs:   headings and tc output on stdout
#######################################
status() {
  printf '%s\n' "Show qdisc $RED_DEV (Display Upload queue):"
  tc -s qdisc show dev "$RED_DEV"
  printf '%s\n' "Show class $RED_DEV (Display Upload class):"
  tc class show dev "$RED_DEV"

  printf '%s\n' "*********************************UP/DOWN*********************************"

  printf '%s\n' "Show qdisc $GREEN_DEV (Display Download queue):"
  tc -s qdisc show dev "$GREEN_DEV"
  printf '%s\n' "Show class $GREEN_DEV (Display Download class):"
  tc class show dev "$GREEN_DEV"
}
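#######################################
# Print the command-line help.
# Outputs:   usage text on stdout
#######################################
usage() {
  local prog
  # Quote $0 so a script path containing spaces still yields one name.
  prog=$(basename -- "$0")
  printf '%s\n' \
    "(usage): ${prog} [start | stop | restart | status]" \
    "" \
    "Argument: functions:" \
    "start start traffic-control" \
    "stop stop traffic-control" \
    "restart restart traffic-control" \
    "status show detail of traffic"
}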
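# Argument handling. Only kernel releases whose first three bytes are "2.4"
# or "2.6" are accepted; any other release string is refused before tc runs.
kernel=$(uname -r | cut -b 1-3)
case "$kernel" in
  2.4 | 2.6)
    case "${1:-}" in
      start)
        # Report failure through the exit status, not only through the message.
        if start; then
          echo "TC started!"
          exit 0
        fi
        echo "Error." >&2
        exit 1
        ;;
      stop)
        if stop; then
          echo "TC stopped!"
          exit 0
        fi
        echo "Error." >&2
        exit 1
        ;;
      restart)
        # start() deletes the existing qdiscs itself, so restart is a start.
        if start; then
          echo "TC restarted!"
          exit 0
        fi
        echo "Error." >&2
        exit 1
        ;;
      status)
        status
        ;;
      *)
        usage
        exit 1
        ;;
    esac
    ;;
  *)
    echo " (!) Error: Unsupported Kernel!" >&2
    exit 1
    ;;
esac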