
iptables for router


and_woox

Please, I'm working on a script to limit the bandwidth for certain clients on my network (using a router running a Linux firmware).

The router is the Asus WL-500g, and I'm not sure if this script is finished yet.

Before I load it to my router, I prefer to be sure that everything is OK.

What do you think about the script?

 

 

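```sh
# Shorthand for the repeated tc invocations on br0
TCA="tc class add dev br0"
TFA="tc filter add dev br0"

# Start clean so the script can be re-run (errors are ignored when nothing is installed yet)
tc qdisc del dev br0 root 2>/dev/null
tc qdisc del dev br0 ingress 2>/dev/null

# Traffic leaving br0 toward the clients: HTB root with one 256kbit class per client
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 3480kbit
$TCA parent 1:1 classid 1:10 htb rate 256kbit ceil 256kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 256kbit ceil 256kbit prio 2

# Send packets carrying firewall mark 10 or 11 to the matching class
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
$TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11

# Set the firewall mark on packets destined for each client
iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.1.3 -j MARK --set-mark 11

# Traffic arriving on br0 from the clients: police each source to 160kbit
tc qdisc add dev br0 ingress
$TFA parent ffff: protocol ip u32 match ip src 192.168.1.2 flowid :1 police rate 160kbit mtu 12k burst 10k drop
$TFA parent ffff: protocol ip u32 match ip src 192.168.1.3 flowid :1 police rate 160kbit mtu 12k burst 10k drop

# Drop TCP packets from a client while it has more than 100 connections open
iptables -I FORWARD -s 192.168.1.2 -p tcp -m connlimit --connlimit-above 100 -j DROP
iptables -I FORWARD -s 192.168.1.3 -p tcp -m connlimit --connlimit-above 100 -j DROP
```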

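One way to check a script like this before loading it on the router, as an added example that is not part of the original post: the HTB and fw-mark portion is evaluated with `tc` and `iptables` replaced by stub functions, and the expanded commands are checked for mark, class and rate consistency. The helper names `dry_run` and `lint_qos` are hypothetical, and all rates are assumed to be written in kbit.

```shell
#!/bin/sh
# Added example (not from the post): consistency check that never touches the kernel.
# HTB/fw-mark part of the posted script, kept as text so it can be evaluated safely.
SCRIPT='
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 3480kbit
$TCA parent 1:1 classid 1:10 htb rate 256kbit ceil 256kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 256kbit ceil 256kbit prio 2
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
$TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.1.3 -j MARK --set-mark 11
'

# Evaluate script text in a subshell where tc/iptables only echo their expanded arguments.
dry_run() (
    tc() { echo "tc $*"; }
    iptables() { echo "iptables $*"; }
    eval "$1"
)

# Read expanded commands on stdin; print one line per finding, return 1 if any.
# Assumption: every rate is given in kbit, as in the post.
lint_qos() {
    awk '
    function arg(key,   i) { for (i = 1; i < NF; i++) if ($i == key) return $(i + 1); return "" }
    $1 == "tc" && $2 == "class" {
        id = arg("classid"); rate[id] = arg("rate") + 0; parent[id] = arg("parent")
    }
    $1 == "tc" && $2 == "filter" && / fw / { flow[arg("handle")] = arg("flowid") }
    $1 == "iptables" && arg("--set-mark") != "" { marked[arg("--set-mark")] = 1 }
    END {
        for (m in flow) {
            if (!(m in marked)) { print "fw handle " m ": no iptables rule sets this mark"; bad++ }
            if (!(flow[m] in rate)) { print "fw handle " m ": flowid " flow[m] " is not a defined class"; bad++ }
        }
        for (id in parent) if (parent[id] in rate) sum[parent[id]] += rate[id]
        for (p in sum) if (sum[p] > rate[p]) {
            print "class " p ": children reserve " sum[p] "kbit, parent rate is " rate[p] "kbit"; bad++
        }
        exit (bad > 0)
    }'
}

dry_run "$SCRIPT" | lint_qos && echo "no findings"
```

The ingress policing and connlimit rules are not covered by these checks.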
