Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- IP-CIDR1=10.0.0.0/16
- IP-CIDR2=10.1.0.0/16
- IP-CIDR3=10.2.0.0/16
- IP-CIDR4=10.3.0.0/16
- tc qdisc del dev eth0 root
- tc qdisc add dev eth0 root handle 1: htb default 20
- tc class add dev eth0 parent 1: classid 1:1 htb rate 850mbit ceil 900mbit
- #SSH
- tc class add dev eth0 parent 1: classid 1:10 htb rate 2mbit ceil 5mbit prio 1
- tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
- #Legit users
- tc class add dev eth0 parent 1: classid 1:20 htb rate 750mbit ceil 900mbit prio 2
- tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
- #General Abusers
- tc class add dev eth0 parent 1: classid 1:30 htb rate 1mbit ceil 1mbit prio 16
- tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
- #SSH
- tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip sport 22 0xffff flowid 1:10
- tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip dport 22 0xffff flowid 1:10
- #Rate limit subnets to 1MB/s
- tc filter add dev eth0 parent 1:0 protocol ip prio 16 u32 match ip dst $IP-CIDR1 flowid 1:30
- tc filter add dev eth0 parent 1:0 protocol ip prio 16 u32 match ip dst $IP-CIDR2 flowid 1:30
- tc filter add dev eth0 parent 1:0 protocol ip prio 16 u32 match ip dst $IP-CIDR3 flowid 1:30
- tc filter add dev eth0 parent 1:0 protocol ip prio 16 u32 match ip dst $IP-CIDR4 flowid 1:30
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
