TC + IPTables implement download and upload bandwidth limit scripts

Source: Internet
Author: User
Article title: TC + IPTables download and upload bandwidth limit script. Linux is a technology channel of the IT lab in China. It includes desktop applications, Linux system management, kernel research, embedded systems, open source, and other basic categories. each IP address is restricted and can be modified at any time. If you are using dial-up Internet access, add the following content to the/etc/ppp/ip-up.local, otherwise there will be no Upload restrictions after reconnection, BT light limit download is not enough.
 
#! /Bin/bash
 
#
 
# Zyx@zyx.2288.org
 
#
 
# Define up/down bandwidth
 
# Note: Kbit
 
DOWNLOAD = 800 Kbit
 
UPLOAD = 160 Kbit
 
# Defining intranet IP segments
 
INET = 192.168.0.
 
# Define the restricted IP address range
 
IPS = 1
 
IPE = 253
 
# Define the IP address of the current server
 
ServerIP = 254
 
# Define inbound and outbound devices
 
IDEV = eth0
 
ODEV = ppp0
 
#
 
#
 
#
 
/Sbin/tc qdisc del dev $ IDEV root handle 10:
 
/Sbin/tc qdisc del dev $ ODEV root handle 20:
 
#
 
/Sbin/tc qdisc add dev $ IDEV root handle 10: cbq bandwidth 100 Mbit avpkt 1000
 
/Sbin/tc qdisc add dev $ ODEV root handle 20: cbq bandwidth 1 Mbit avpkt 1000
 
#
 
/Sbin/tc class add dev $ IDEV parent classid 10:1 cbq bandwidth 100 Mbit rate 100 Mbit allot 1514 weight 1 Mbit prio 8 maxburst 20 avpkt 1000
 
/Sbin/tc class add dev $ ODEV parent 20:0 classid 20cbq bandwidth 1 Mbit rate 1 Mbit allot 1514 weight 10 Kbit prio 8 maxburst 20 avpkt 1000
 
#
 
# Do not restrict intranet downloads from this server.
 
# Note: If there is a proxy on this server, you can bypass the bandwidth limit through the proxy,
 
# You can cancel the following three restrictions on downloading from the server.
 
/Sbin/tc class add dev $ IDEV parent 10classid cbq bandwidth 100 Mbit rate 95 Mbit allot 1514 weight 20 Kbit prio 5 maxburst 20 avpkt 1000 bounded
 
/Sbin/tc qdisc add dev $ IDEV parent 10: 10 sfq quantum 1514b perturb 15
 
/Sbin/tc filter add dev $ IDEV parent 10:0 protocol ip prio 50 u32 match ip src $ INET $ ServerIP flowid 10:10
 
#
 
# Restrict download speed
 
COUNTER = $ IPS
 
While [$ COUNTER-le $ IPE]
 
Do
 
# The following three statements limit the download bandwidth of each IP address:
 
/Sbin/tc class add dev $ IDEV parent 10:1 classid 10:1 $ COUNTER cbq bandwidth 100 Mbit rate $ DOWNLOAD allot 1514 weight 20 Kbit prio 5 maxburst 20 avpkt 1000 bounded
 
/Sbin/tc qdisc add dev $ IDEV parent 10:1 $ COUNTER sfq quantum 1514b perturb 15
 
/Sbin/tc filter add dev $ IDEV parent 10:0 protocol ip prio 100 u32 match ip dst $ INET $ COUNTER flowid 10:1 $ COUNTER
 
COUNTER = 'expr $ COUNTER + 1'
 
Done
 
#
 
# Restrict upload speed
 
COUNTER = $ IPS
 
While [$ COUNTER-le $ IPE]
 
Do
 
# The following three statements limit the upload bandwidth of each IP address:
 
/Sbin/tc class add dev $ ODEV parent 20classid 20$ COUNTER cbq bandwidth 1 Mbit rate $ UPLOAD allot 1514 weight 4 Kbit prio 5 maxburst 20 avpkt 1000 bounded
 
/Sbin/tc qdisc add dev $ ODEV parent 20:1 $ COUNTER sfq quantum 1514b perturb 15
 
/Sbin/tc filter add dev $ ODEV parent 20:0 protocol ip prio 100 handle $ COUNTER fw classid 20:1 $ COUNTER
 
COUNTER = 'expr $ COUNTER + 1'
 
Done
 
# Users with specially cared-for IP addresses in the above range
 
NIP = 78
 
#192.168.0.78 this guy BT every day
 
ND = 200 Kbit
 
NU = 50 Kbit
 
/Sbin/tc class change dev $ IDEV parent 10classid 10:1 $ NIP bandwidth 100 Mbit rate $ ND allot 1514 weight 20 Kbit prio 5 maxburst 20 avpkt 1000 bounded
 
/Sbin/tc class change dev $ ODEV parent 20classid 20$ NIP cbq bandwidth 1 Mbit rate $ NU allot 1514 weight 4 Kbit prio 5 maxburst 20 avpkt 1000 bounded
 
#
 
NIP = 1
 
#192.168.0.1 increase my own bandwidth
 
ND = 1500 Kbit
 
NU = 500 Kbit
 
/Sbin/tc class change dev $ IDEV parent 10classid 10:1 $ NIP bandwidth 100 Mbit rate $ ND allot 1514 weight 20 Kbit prio 5 maxburst 20 avpkt 1000 bounded
 
/Sbin/tc class change dev $ ODEV parent 20classid 20$ NIP cbq bandwidth 1 Mbit rate $ NU allot 1514 weight 4 Kbit prio 5 maxburst 20 avpkt 1000 bounded
 
#......
 
#
 
#
 
# Modifying the firewall and adding Upload restrictions
 
COUNTER = $ IPS
 
While [$ COUNTER-lt $ IPE]
 
Do
 
Iptables-t mangle-a prerouting-I $ IDEV-s $ INET $ COUNTER-j MARK -- set-mark $ COUNTER
 
COUNTER = 'expr $ COUNTER + 1'
 
Done
 
# NAT
 
Iptables-t nat-a postrouting-o $ EXTIF-s 192.168.0.0/24-j MASQUERADE
 
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.