You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

tc.sh 1.6KB

1234567891011121314151617181920212223242526272829303132333435363738394041
  1. #network interface on which to limit traffic
  2. IF="eth0"
  3. #limit of the network interface in question
  4. LINKCEIL="1gbit"
  5. #limit outbound Bitcoin protocol traffic to this rate
  6. LIMIT="160kbit"
  7. #defines the address space for which you wish to disable rate limiting
  8. LOCALNET="192.168.0.0/16"
  9. #delete existing rules
  10. tc qdisc del dev ${IF} root
  11. #add root class
  12. tc qdisc add dev ${IF} root handle 1: htb default 10
  13. #add parent class
  14. tc class add dev ${IF} parent 1: classid 1:1 htb rate ${LINKCEIL} ceil ${LINKCEIL}
  15. #add our two classes. one unlimited, another limited
  16. tc class add dev ${IF} parent 1:1 classid 1:10 htb rate ${LINKCEIL} ceil ${LINKCEIL} prio 0
  17. tc class add dev ${IF} parent 1:1 classid 1:11 htb rate ${LIMIT} ceil ${LIMIT} prio 1
  18. #add handles to our classes so packets marked with <x> go into the class with "... handle <x> fw ..."
  19. tc filter add dev ${IF} parent 1: protocol ip prio 1 handle 1 fw classid 1:10
  20. tc filter add dev ${IF} parent 1: protocol ip prio 2 handle 2 fw classid 1:11
  21. #delete any existing rules
  22. #disable for now
  23. #ret=0
  24. #while [ $ret -eq 0 ]; do
  25. # iptables -t mangle -D OUTPUT 1
  26. # ret=$?
  27. #done
  28. #limit outgoing traffic to and from port 8333. but not when dealing with a host on the local network
  29. # (defined by $LOCALNET)
  30. # --set-mark marks packages matching these criteria with the number "2"
  31. # these packages are filtered by the tc filter with "handle 2"
  32. # this filter sends the packages into the 1:11 class, and this class is limited to ${LIMIT}
  33. iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 8333 ! -d ${LOCALNET} -j MARK --set-mark 0x2
  34. iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 8333 ! -d ${LOCALNET} -j MARK --set-mark 0x2