iptables for router


and_woox

Please, I'm working on a script to limit the bandwidth for certain clients on my network (using a router running a Linux firmware).

The router is the ASUS WL-500g, and I'm not sure if this script is finished yet.

Before I load it to my router I prefer to be sure that everything is OK.

What do you think about the script?

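```sh
#!/bin/sh
# Shorthand for the repeated tc command prefixes
TCA="tc class add dev br0"
TFA="tc filter add dev br0"

# Reset: remove any existing root qdisc on br0 (silenced, since none exists on a first run)
tc qdisc del dev br0 root 2>/dev/null

# Root HTB qdisc and its parent class (3480kbit in total)
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 3480kbit

# One 256kbit class per limited client
$TCA parent 1:1 classid 1:10 htb rate 256kbit ceil 256kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 256kbit ceil 256kbit prio 2

# fw filters: packets carrying mark 10 / 11 go to class 1:10 / 1:11
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
$TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11

# Mark traffic destined to each client (leaves br0 towards the LAN)
iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.1.3 -j MARK --set-mark 11

# Ingress policing: drop traffic sourced by each client above 160kbit
tc qdisc add dev br0 handle ffff: ingress
$TFA parent ffff: protocol ip u32 match ip src 192.168.1.2 flowid :1 police rate 160kbit mtu 12k burst 10k drop
$TFA parent ffff: protocol ip u32 match ip src 192.168.1.3 flowid :1 police rate 160kbit mtu 12k burst 10k drop

# Drop new TCP connections from a client that already has more than 100 open
iptables -I FORWARD -s 192.168.1.2 -p tcp -m connlimit --connlimit-above 100 -j DROP
iptables -I FORWARD -s 192.168.1.3 -p tcp -m connlimit --connlimit-above 100 -j DROP
```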
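One way to check a script like this before loading it on the router, as an added example that is not part of the original post: a static check that every `--set-mark` value has a matching `fw` filter handle and that every such filter points at an HTB class the script defines. The function names `check_shaper` and `sample_rules` are hypothetical, and the check compares values as literal strings, so it assumes marks and handles are written in the same notation.

```shell
#!/bin/sh
# Constructed sample input: the egress shaping rules from the post above.
sample_rules() {
cat <<'EOF'
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 3480kbit
$TCA parent 1:1 classid 1:10 htb rate 256kbit ceil 256kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 256kbit ceil 256kbit prio 2
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
$TFA parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.1.3 -j MARK --set-mark 11
EOF
}

# check_shaper [FILE]: read a shaping script (file argument or stdin), print
# every mark/filter/class mismatch, and return 1 if any was found.
check_shaper() {
    awk '
    {
        for (i = 1; i < NF; i++) {
            if ($i == "--set-mark") marks[$(i+1)] = NR      # iptables mark
            if ($i == "classid")    classes[$(i+1)] = NR    # tc class definition
            if ($i == "handle" && $(i+2) == "fw")           # tc fw filter
                for (j = i; j < NF; j++)
                    if ($j == "flowid") filters[$(i+1)] = $(j+1)
        }
    }
    END {
        bad = 0
        for (m in marks)
            if (!(m in filters)) {
                printf "mark %s (line %d) has no fw filter\n", m, marks[m]; bad = 1
            }
        for (h in filters) {
            if (!(h in marks)) {
                printf "fw filter handle %s matches no --set-mark\n", h; bad = 1
            }
            if (!(filters[h] in classes)) {
                printf "fw filter handle %s -> flowid %s: no such class\n", h, filters[h]; bad = 1
            }
        }
        exit bad
    }' "$@"
}

sample_rules | check_shaper && echo "marks, filters and classes are consistent"
```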
