API tools faq
paste
Guest User

Untitled

a guest
Dec 24th, 2014
301
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.74 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/sh
  2.  
  3. MAC1=00:11:32:00:00:00
  4. MAC2=78:24:AF:00:00:00
  5.  
  6. PORTRANGE1=1024:65535 #torrentbox
  7. PORTRANGE2=22 #ssh
  8.  
  9. # TOS rules
  10.  
  11. # Torrents from server, lowest priority
  12. iptables -t mangle -I QOSO 3 -p tcp -m mac --mac-source ${MAC1} -m multiport --sports ${PORTRANGE1} -j RETURN
  13. iptables -t mangle -I QOSO 3 -p tcp -m mac --mac-source ${MAC1} -m multiport --sports ${PORTRANGE1} -j CONNMARK --set-return 0x5/0x7
  14. iptables -t mangle -I QOSO 3 -p udp -m mac --mac-source ${MAC1} -m multiport --sports ${PORTRANGE1} -j RETURN
  15. iptables -t mangle -I QOSO 3 -p udp -m mac --mac-source ${MAC1} -m multiport --sports ${PORTRANGE1} -j CONNMARK --set-return 0x5/0x7
  16.  
  17.  
  18. # ip6tables -t mangle -I QOSO 3 -p tcp -m mac --mac-source ${MAC1} -m multiport --sports ${PORTRANGE1} -j RETURN
  19. # ip6tables -t mangle -I QOSO 3 -p tcp -m mac --mac-source ${MAC1} -m multiport --sports ${PORTRANGE1} -j CONNMARK --set-return 0x5/0x7
  20. # ip6tables -t mangle -I QOSO 3 -p udp -m mac --mac-source ${MAC1} -m multiport --sports ${PORTRANGE1} -j RETURN
  21. # ip6tables -t mangle -I QOSO 3 -p udp -m mac --mac-source ${MAC1} -m multiport --sports ${PORTRANGE1} -j CONNMARK --set-return 0x5/0x7
  22.  
  23.  
  24. # Remote SSH from server
  25. iptables -t mangle -I QOSO 3 -p tcp -m mac --mac-source ${MAC2} --sport ${PORTRANGE2} -j RETURN
  26. iptables -t mangle -I QOSO 3 -p tcp -m mac --mac-source ${MAC2} --sport ${PORTRANGE2} -j CONNMARK --set-return 0x1/0x7
  27.  
  28. # ip6tables -t mangle -I QOSO 3 -p tcp -m mac --mac-source ${MAC2} --sport ${PORTRANGE2} -j RETURN
  29. # ip6tables -t mangle -I QOSO 3 -p tcp -m mac --mac-source ${MAC2} --sport ${PORTRANGE2} -j CONNMARK --set-return 0x1/0x7
  30.  
  31.  
  32.  
  33. # ICMP
  34. iptables -t mangle -I QOSO 3 -p icmp --icmp-type 8 -j RETURN
  35. iptables -t mangle -I QOSO 3 -p icmp --icmp-type 8 -j CONNMARK --set-return 0x1/0x7
  36. iptables -t mangle -I QOSO 3 -p icmp --icmp-type 0 -j RETURN
  37. iptables -t mangle -I QOSO 3 -p icmp --icmp-type 0 -j CONNMARK --set-return 0x1/0x7
  38.  
  39.  
  40. # ip6tables -t mangle -I QOSO 3 -p icmpv6 --icmpv6-type 128 -j RETURN
  41. # ip6tables -t mangle -I QOSO 3 -p icmpv6 --icmpv6-type 128 -j CONNMARK --set-return 0x1/0x7
  42. # ip6tables -t mangle -I QOSO 3 -p icmpv6 --icmpv6-type 129 -j RETURN
  43. # ip6tables -t mangle -I QOSO 3 -p icmpv6 --icmpv6-type 129 -j CONNMARK --set-return 0x1/0x7
  44.  
  45.  
  46. ######################################################################
  47.  
  48.  
  49. DEV=$(nvram get wan0_ifname)
  50. CEIL=2048 #maximum upload in kbits/s
  51.  
  52. #Rates
  53. HIGHEST=20
  54. HIGH=29
  55. MEDIUM=1
  56. LOW=40
  57. LOWEST=10
  58.  
  59. #Upper limit
  60. HIGHEST_LIM=90
  61. HIGH_LIM=70
  62. MEDIUM_LIM=1
  63. LOW_LIM=80
  64. LOWEST_LIM=50
  65.  
  66. tc qdisc del dev ${DEV} root
  67. tc qdisc del dev ${DEV} ingress
  68. tc qdisc add dev ${DEV} stab linklayer adsl overhead 40 mtu 1492 mpu 53 root handle 1: hfsc default 40
  69. # Upload 1:1
  70. tc class add dev ${DEV} parent 1: classid 1:1 hfsc sc rate ${CEIL}kbit ul rate ${CEIL}kbit
  71. # download 1:2
  72. tc class add dev ${DEV} parent 1: classid 1:2 htb rate 1000000kbit ceil 1000000kbit burst 10000 cburst 10000
  73. # 1:60 ALL Download for BCM
  74. tc class add dev ${DEV} parent 1:2 classid 1:60 htb rate 1000000kbit ceil 1000000kbit burst 10000 cburst 10000 prio 6
  75. tc qdisc add dev ${DEV} parent 1:60 handle 60: pfifo
  76. tc filter add dev ${DEV} parent 1: prio 6 protocol 802.1q handle 6 fw flowid 1:60
  77. # Upload HIGHEST
  78. tc class add dev ${DEV} parent 1:1 classid 1:10 hfsc sc umax 1492b dmax 20ms rate $(($HIGHEST*$CEIL/100))kbit ls rate $(($HIGHEST_LIM*$CEIL/100))kbit ul rate ${CEIL}kbit
  79. tc qdisc add dev ${DEV} parent 1:10 handle 10: sfq limit 127 perturb 10
  80. tc filter add dev ${DEV} protocol all parent 1: prio 10 handle 1 fw classid 1:10
  81. tc filter add dev ${DEV} protocol all prio 1 parent 10: handle 10 flow hash keys nfct-src divisor 1024
  82. echo " TC Class 1:110 defined."
  83. # Upload HIGH
  84. tc class add dev ${DEV} parent 1:1 classid 1:20 hfsc sc umax 1492b dmax 33ms rate $(($HIGH*$CEIL/100))kbit ls rate $(($HIGH_LIM*$CEIL/100))kbit ul rate ${CEIL}kbit
  85. # tc class add dev ${DEV} parent 1:1 classid 1:20 hfsc sc rate $(($HIGH*$CEIL/100))kbit ls rate $(($HIGH_LIM*$CEIL/100))kbit ul rate ${CEIL}kbit
  86. tc qdisc add dev ${DEV} parent 1:20 handle 20: sfq limit 127 perturb 10
  87. tc filter add dev ${DEV} protocol all parent 1: prio 20 handle 2 fw classid 1:20
  88. tc filter add dev ${DEV} protocol all prio 1 parent 20: handle 20 flow hash keys nfct-src divisor 1024
  89. # Ack packets
  90. tc filter add dev ${DEV} parent 1:0 protocol ip prio 14 u32\
  91. match ip protocol 6 0xff\
  92. match u8 0x05 0x0f at 0\
  93. match u16 0x0000 0xffc0 at 2\
  94. match u8 0x10 0xff at 33 flowid 1:10
  95. # Syn packets
  96. tc filter add dev ${DEV} parent 1:0 protocol ip prio 15 u32\
  97. match ip protocol 6 0xff\
  98. match u8 0x05 0x0f at 0\
  99. match u16 0x0000 0xffc0 at 2\
  100. match u8 0x02 0x02 at 33 flowid 1:10
  101. echo " TC Class 1:120 defined."
  102. # Upload MEDIUM
  103. tc class add dev ${DEV} parent 1:1 classid 1:30 hfsc sc rate $(($MEDIUM*$CEIL/100))kbit ls rate $(($MEDIUM_LIM*$CEIL/100))kbit ul rate ${CEIL}kbit
  104. tc qdisc add dev ${DEV} parent 1:30 handle 30: sfq limit 127 perturb 10
  105. tc filter add dev ${DEV} protocol all parent 1: prio 30 handle 3 fw classid 1:30
  106. tc filter add dev ${DEV} protocol all prio 1 parent 30: handle 30 flow hash keys nfct-src divisor 1024
  107. echo " TC Class 1:130 defined."
  108. # Upload LOW (default)
  109. tc class add dev ${DEV} parent 1:1 classid 1:40 hfsc sc umax 1492b dmax 40ms rate $(($LOW*$CEIL/100))kbit ls rate $(($LOW_LIM*$CEIL/100))kbit ul rate ${CEIL}kbit
  110. # tc class add dev ${DEV} parent 1:1 classid 1:40 hfsc sc rate $(($LOW*$CEIL/100))kbit ls rate $(($LOW_LIM*$CEIL/100))kbit ul rate ${CEIL}kbit
  111. tc qdisc add dev ${DEV} parent 1:40 handle 40: sfq limit 127 perturb 10
  112. tc filter add dev ${DEV} protocol all parent 1: prio 40 handle 4 fw classid 1:40
  113. tc filter add dev ${DEV} protocol all prio 1 parent 40: handle 40 flow hash keys nfct-src divisor 1024
  114. echo " TC Class 1:140 defined."
  115. # Upload LOWEST
  116. tc class add dev ${DEV} parent 1:1 classid 1:50 hfsc sc umax 1492b dmax 100ms rate $(($LOWEST*$CEIL/100))kbit ls rate $((LOWEST_LIM*$CEIL/100))kbit ul rate ${CEIL}kbit
  117. # tc class add dev ${DEV} parent 1:1 classid 1:50 hfsc sc rate $(($LOWEST*$CEIL/100))kbit ls rate $((LOWEST_LIM*$CEIL/100))kbit ul rate ${CEIL}kbit
  118. tc qdisc add dev ${DEV} parent 1:50 handle 50: sfq limit 127 perturb 10
  119. tc filter add dev ${DEV} protocol all parent 1: prio 50 handle 5 fw classid 1:50
  120. tc filter add dev ${DEV} protocol all prio 1 parent 50: handle 50 flow hash keys nfct-src divisor 1024
  121. echo " TC Class 1:150 defined."
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!