#!/bin/sh # default echo ' cleaning up...' device=eth1 max_speed=5120 burst=64 mark1=10 proto1=2048 mark2=20 proto2=1024 mark3=30 proto3=512 mark4=40 proto4=256 mark5=50 proto5=128 tc qdisc del dev ${device} root /usr/sbin/iptables -t mangle -F POSTROUTING tc qdisc add dev ${device} root handle 1: htb default 60 tc class add dev ${device} parent 1: classid 1:1 htb rate ${max_speed}Kbit burst ${burst}k # klas 1 tc class add dev ${device} parent 1:1 classid 1:${mark1} htb rate ${proto1}Kbit burst ${burst}k tc qdisc add dev ${device} parent 1:${mark1} handle ${mark1}: sfq perturb 10 tc filter add dev ${device} protocol ip parent 1:0 prio 1 handle ${mark1} fw flowid 1:${mark1} /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto ssh -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto imap -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto smtp -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto snmp -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto pop3 -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto telnet -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto ssl -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto dns -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto dhcp -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto tftp -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto bgp -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto ciscovpn -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto rdp -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto radmin -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto rlogin -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto ntp -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto vnc -j MARK --set-xmark 0x${mark1}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto tor -j MARK --set-xmark 0x${mark1}/0xffffffff # klas 2 tc class add dev ${device} parent 1:1 classid 1:${mark2} htb rate ${proto2}Kbit burst ${burst}k tc qdisc add dev ${device} parent 1:${mark2} handle ${mark2}: sfq perturb 10 tc filter add dev ${device} protocol ip parent 1:0 prio 1 handle ${mark2} fw flowid 1:${mark2} /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto h323 -j MARK --set-xmark 0x${mark2}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto sip -j MARK --set-xmark 0x${mark2}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto skypetoskype -j MARK --set-xmark 0x${mark2}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto skypeout -j MARK --set-xmark 0x${mark2}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto teamspeak -j MARK --set-xmark 0x${mark2}/0xffffffff # klas 3 tc class add dev ${device} parent 1:1 classid 1:${mark3} htb rate ${proto3}Kbit burst ${burst}k tc qdisc add dev ${device} parent 1:${mark3} handle ${mark3}: sfq perturb 10 tc filter add dev ${device} protocol ip parent 1:0 prio 1 handle ${mark3} fw flowid 1:${mark3} /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto yahoo -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto aim -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto aimwebcontent -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto http-rtsp -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto irc -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto jabber -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto msn-filetransfer -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto msnmessenger -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto rtp -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto rtsp -j MARK --set-xmark 0x${mark3}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto shoutcast -j MARK --set-xmark 0x${mark3}/0xffffffff # klas 4 tc class add dev ${device} parent 1:1 classid 1:${mark4} htb rate ${proto4}Kbit burst ${burst}k tc qdisc add dev ${device} parent 1:${mark4} handle ${mark4}: sfq perturb 10 tc filter add dev ${device} protocol ip parent 1:0 prio 1 handle ${mark4} fw flowid 1:${mark4} /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto gnutella -j MARK --set-xmark 0x${mark4}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto fasttrack -j MARK --set-xmark 0x${mark4}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j MARK --set-xmark 0x${mark4}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK --set-xmark 0x${mark4}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto ares -j MARK --set-xmark 0x${mark4}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto gopher -j MARK --set-xmark 0x${mark4}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto ipp -j MARK --set-xmark 0x${mark4}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto kugoo -j MARK --set-xmark 0x${mark4}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto napster -j MARK --set-xmark 0x${mark4}/0xffffffff # klas 5 tc class add dev ${device} parent 1:1 classid 1:${mark5} htb rate ${proto5}Kbit burst ${burst}k tc qdisc add dev ${device} parent 1:${mark5} handle ${mark5}: sfq perturb 10 tc filter add dev ${device} protocol ip parent 1:0 prio 1 handle ${mark5} fw flowid 1:${mark5} /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto unset -j MARK --set-xmark 0x${mark5}/0xffffffff /usr/sbin/iptables -t mangle -A POSTROUTING -m layer7 --l7proto unknown -j MARK --set-xmark 0x${mark5}/0xffffffff