QOS (Quality of Service)

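#!/bin/bash
# Egress shaping for eth0 with HTB: one 500 kbit/s root class (1:1) and three
# leaf classes, each with its own SFQ qdisc. Changing qdiscs needs the
# privileges tc requires (normally root).

# Remove any existing root qdisc. This fails when none is installed, so the
# output is deliberately discarded.
tc qdisc del dev eth0 root > /dev/null 2>&1

# Traffic that no filter classifies falls into class 1:11.
tc qdisc add dev eth0 root handle 1: htb default 11
tc class add dev eth0 parent 1: classid 1:1 htb rate 500kbit ceil 500kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 225kbit ceil 500kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 225kbit ceil 500kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 50kbit ceil 500kbit prio 0

# One SFQ per leaf class so a single flow cannot monopolise the class.
tc qdisc add dev eth0 parent 1:10 handle 2: sfq perturb 10
tc qdisc add dev eth0 parent 1:11 handle 3: sfq perturb 10
tc qdisc add dev eth0 parent 1:12 handle 4: sfq perturb 10

# Small pure TCP ACKs -> 1:12 (prio 0):
#   IP protocol 6 (TCP)
#   IHL == 5, i.e. no IP options, so the fixed byte offsets below are valid
#   total length < 64 bytes (top ten bits of the length field are zero)
#   TCP flags byte == 0x10 (ACK and nothing else)
# The total-length field is the 16-bit value at byte offset 2 of the IP
# header; the original listing wrote "at 1".
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 1:12

# Destination port 80 -> 1:10. The filter does not test the IP protocol.
tc filter add dev eth0 protocol ip parent 1: prio 2 u32 \
  match ip dport 80 0xffff \
  flowid 1:10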
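#!/bin/bash
# Egress shaping with HTB: a 250 kbit/s root class (1:1) with five leaf
# classes. u32 filters pick the class from the IP protocol and the TCP/UDP
# port. Every filter also requires IHL == 5 (no IP options), because the port
# and flag offsets (20, 22, 33) are only valid for a 20-byte IP header.
E0=eth0

# Cleanup: remove the current root qdisc; the error printed when none exists
# is discarded on purpose.
tc qdisc del dev "$E0" root 2> /dev/null

# Unclassified traffic goes to 1:14 (5 kbit guaranteed, may borrow up to ceil).
tc qdisc add dev "$E0" handle 1: root htb default 14

tc class add dev "$E0" classid 1:1 parent 1: htb rate 250kbit ceil 250kbit
tc class add dev "$E0" classid 1:10 parent 1:1 htb rate 100kbit ceil 250kbit prio 2
tc class add dev "$E0" classid 1:11 parent 1:1 htb rate 50kbit ceil 250kbit prio 2
tc class add dev "$E0" classid 1:12 parent 1:1 htb rate 50kbit ceil 250kbit prio 1
tc class add dev "$E0" classid 1:13 parent 1:1 htb rate 45kbit ceil 250kbit prio 3
tc class add dev "$E0" classid 1:14 parent 1:1 htb rate 5kbit ceil 250kbit prio 3

tc qdisc add dev "$E0" handle 2: parent 1:10 sfq perturb 3
tc qdisc add dev "$E0" handle 3: parent 1:11 sfq perturb 3
tc qdisc add dev "$E0" handle 4: parent 1:12 sfq perturb 3
tc qdisc add dev "$E0" handle 5: parent 1:13 sfq perturb 3
tc qdisc add dev "$E0" handle 6: parent 1:14 sfq perturb 3

# Packets going out to TCP port 23 (0x0017)
tc filter add dev "$E0" protocol ip parent 1: prio 10 u32 \
  match u8 0x05 0x0f at 0 \
  match u8 0x06 0xff at 9 \
  match u16 0x0017 0xffff at 22 \
  flowid 1:10

# Packets going out to TCP port 5001 (0x1389, ssh)
tc filter add dev "$E0" protocol ip parent 1: prio 10 u32 \
  match u8 0x05 0x0f at 0 \
  match u8 0x06 0xff at 9 \
  match u16 0x1389 0xffff at 22 \
  flowid 1:11

# Packets going out to TCP port 995 (0x03e3)
tc filter add dev "$E0" protocol ip parent 1: prio 10 u32 \
  match u8 0x05 0x0f at 0 \
  match u8 0x06 0xff at 9 \
  match u16 0x03e3 0xffff at 22 \
  flowid 1:11

# Packets going out from TCP port 995 (source port is at offset 20)
tc filter add dev "$E0" protocol ip parent 1: prio 10 u32 \
  match u8 0x05 0x0f at 0 \
  match u8 0x06 0xff at 9 \
  match u16 0x03e3 0xffff at 20 \
  flowid 1:11

# Packets going out from TCP port 5001 (ssh)
tc filter add dev "$E0" protocol ip parent 1: prio 10 u32 \
  match u8 0x05 0x0f at 0 \
  match u8 0x06 0xff at 9 \
  match u16 0x1389 0xffff at 20 \
  flowid 1:11

# Packets going out to TCP ports 443 80 25 143 993.
# printf does the decimal-to-hex conversion; the original called
# `python -c "print hex(...)"`, which is Python 2 syntax and fails where
# `python` is Python 3 or is not installed.
for port in 443 80 25 143 993; do
  port_hex=$(printf '0x%04x' "$port")
  tc filter add dev "$E0" protocol ip parent 1: prio 10 u32 \
    match u8 0x05 0x0f at 0 \
    match u8 0x06 0xff at 9 \
    match u16 "$port_hex" 0xffff at 22 \
    flowid 1:13
done

# Packets going out to UDP port 53 (protocol 0x11 = UDP)
tc filter add dev "$E0" protocol ip parent 1: prio 10 u32 \
  match u8 0x05 0x0f at 0 \
  match u8 0x11 0xff at 9 \
  match u16 0x0035 0xffff at 22 \
  flowid 1:13

# Template for further port filters (kept commented out):
#tc filter add dev $E0 protocol ip parent 1: prio 10 u32 \
#	match u8 0x05 0x0f at 0 \
#	match u8 <0x06:TCP; 0x11:UDP> 0xff at 9 \
#	match u16 <port in hex> 0xffff at <22: to port; 20: from port> \
#	flowid 1:11

# TCP acknowledgements (ACK): TCP, flags byte exactly 0x10, total length
# below 64 bytes. prio 5 is consulted before the prio 10 port filters.
# The total-length field is the 16-bit value at byte offset 2 of the IP
# header; the original listing wrote "at 1".
tc filter add dev "$E0" protocol ip parent 1: prio 5 u32 \
  match u8 0x05 0x0f at 0 \
  match u8 0x06 0xff at 9 \
  match u8 0x10 0xff at 33 \
  match u16 0x0000 0xffc0 at 2 \
  flowid 1:12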
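#!/bin/bash
# Egress shaping for eth0 with HTB: a 500 kbit/s root class (1:1) with four
# leaf classes, classified by u32 filters. Filters with a lower pref are
# consulted first, so the ACK filter (pref 6) wins over the small-SSH filter
# (pref 8), which wins over the port filters (pref 10).
#
# The TCP filters below match IP protocol 0x06. The original listing used
# 0x07, which is not TCP, so none of the TCP filters could match and all TCP
# traffic fell through to the default class.

# Remove the current root qdisc; the error when none exists is discarded.
tc qdisc del dev eth0 root 2> /dev/null

# Unclassified traffic goes to 1:13.
tc qdisc add dev eth0 handle 1:0 root htb default 13
tc class add dev eth0 classid 1:1 root htb rate 500kbit ceil 500kbit
tc class add dev eth0 classid 1:10 parent 1:1 htb rate 100kbit ceil 500kbit prio 1
tc class add dev eth0 classid 1:11 parent 1:1 htb rate 100kbit ceil 500kbit prio 2
tc class add dev eth0 classid 1:12 parent 1:1 htb rate 250kbit ceil 500kbit prio 2
tc class add dev eth0 classid 1:13 parent 1:1 htb rate 50kbit ceil 500kbit prio 3

tc qdisc add dev eth0 handle 10:0 parent 1:10 sfq perturb 5
tc qdisc add dev eth0 handle 11:0 parent 1:11 sfq perturb 5
tc qdisc add dev eth0 handle 12:0 parent 1:12 sfq perturb 5
tc qdisc add dev eth0 handle 13:0 parent 1:13 sfq perturb 5

# ICMP (disabled)
#tc filter add dev eth0 pref 10 protocol ip u32 match u8 0x01 0xff at 9 flowid 1:12

# Well-known TCP destination ports -> 1:12.
# printf replaces the original `python -c "print hex(...)"`, which is
# Python 2 syntax and fails where `python` is Python 3 or is not installed.
for port in 22 25 80 110 143 443 465 587 993 995; do
  port_hex=$(printf '0x%x' "$port")
  tc filter add dev eth0 pref 10 protocol ip u32 \
    match u8 0x06 0xff at 9 \
    match u8 0x05 0x0f at 0 \
    match u16 "$port_hex" 0xffff at 22 \
    flowid 1:12
done

# Well-known UDP destination ports -> 1:12 (protocol 0x11 = UDP).
for port in 53; do
  port_hex=$(printf '0x%x' "$port")
  tc filter add dev eth0 pref 10 protocol ip u32 \
    match u8 0x11 0xff at 9 \
    match u8 0x05 0x0f at 0 \
    match u16 "$port_hex" 0xffff at 22 \
    flowid 1:12
done

# Small SSH packets -> 1:11: TCP, destination port 22 (0x16), total length
# below 128 bytes (mask 0xff80 at offset 2).
tc filter add dev eth0 pref 8 protocol ip u32 \
  match u8 0x06 0xff at 9 \
  match u8 0x05 0x0f at 0 \
  match u16 0x16 0xffff at 22 \
  match u16 0x0 0xff80 at 2 \
  flowid 1:11

# ACK packets -> 1:10: TCP, total length below 128 bytes, ACK bit set
# (mask 0x10, so other flags may be set as well).
tc filter add dev eth0 pref 6 protocol ip u32 \
  match u8 0x06 0xff at 9 \
  match u8 0x05 0x0f at 0 \
  match u16 0x0 0xff80 at 2 \
  match u8 0x10 0x10 at 33 \
  flowid 1:10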

qos-fw

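#!/bin/bash
# Firewall-mark variant of the HTB setup: iptables sets a mark in the mangle
# table and tc "fw" filters map mark N to class 1:N.
#
# Only the tc state is reset below. The iptables rules are appended with -A,
# so every further run adds duplicate MARK rules to mangle/POSTROUTING unless
# they are removed first.

# Remove the current root qdisc; the error when none exists is discarded.
tc qdisc del dev eth0 root 2> /dev/null

# Unmarked traffic goes to 1:13.
tc qdisc add dev eth0 handle 1:0 root htb default 13
tc class add dev eth0 classid 1:1 root htb rate 500kbit ceil 500kbit
tc class add dev eth0 classid 1:10 parent 1:1 htb rate 100kbit ceil 500kbit prio 1
tc class add dev eth0 classid 1:11 parent 1:1 htb rate 100kbit ceil 500kbit prio 2
tc class add dev eth0 classid 1:12 parent 1:1 htb rate 250kbit ceil 500kbit prio 2
tc class add dev eth0 classid 1:13 parent 1:1 htb rate 50kbit ceil 500kbit prio 3

tc qdisc add dev eth0 handle 10:0 parent 1:10 sfq perturb 5
tc qdisc add dev eth0 handle 11:0 parent 1:11 sfq perturb 5
tc qdisc add dev eth0 handle 12:0 parent 1:12 sfq perturb 5
tc qdisc add dev eth0 handle 13:0 parent 1:13 sfq perturb 5

# Map firewall marks 10, 11 and 12 to the classes of the same number.
# No rule below sets mark 11 (the "small ssh" rule was never written), so
# class 1:11 currently receives no traffic.
tc filter add dev eth0 pref 1 protocol ip handle 10 fw flowid 1:10
tc filter add dev eth0 pref 1 protocol ip handle 11 fw flowid 1:11
tc filter add dev eth0 pref 1 protocol ip handle 12 fw flowid 1:12

#iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 12

# small ssh (?) - left unfinished in the original listing

# Well-known TCP and UDP destination ports -> mark 12.
for port in 22 25 80 110 143 443 465 587 993 995; do
  iptables -t mangle -A POSTROUTING -p tcp --dport "$port" -j MARK --set-mark 12
done
for port in 53; do
  iptables -t mangle -A POSTROUTING -p udp --dport "$port" -j MARK --set-mark 12
done

# ACKs -> mark 10. MARK does not stop rule traversal, so the last matching
# rule decides the final mark. The original listing placed this rule first,
# which let the port rules above overwrite mark 10 for every ACK sent to a
# listed port. The length match limits the rule to packets shorter than
# 128 bytes, as in the u32 version of this setup; without it the rule would
# match nearly every segment of an established TCP connection.
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags ACK ACK \
  -m length --length 0:127 -j MARK --set-mark 10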