Portál AbcLinuxu, 10. května 2025 05:51
root@server:/etc/htb# ./htb.init
HTB: Mazu stara pravidla v IPTABLES ..... hotovo
HTB: Nastavuji maximalni mozne rychlosti pro rozhrani: eth0 eth1 eth2 .... hotovo
HTB: Nastavuji omezovaci pravidla ..RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
root@server:/etc/htb# cat ./htb.init
#!/bin/bash
poc_par=0
echo -n "HTB: Mazu stara pravidla v IPTABLES ..... "
iptables -t mangle -F
iptables -t mangle -X
echo "hotovo"
echo -n "HTB: Nastavuji maximalni mozne rychlosti pro rozhrani:"
for maxpropust in `cat /etc/htb/rule_htb.conf|sed /"^#"/d|grep "maxpropust"`; do
max=`echo $maxpropust|tr "=" " "|awk {'print $2'}`
dev_max=`echo $maxpropust|tr "=" " "|awk {'print $3'}`
/sbin/tc qdisc del dev $dev_max root 2> /dev/null
/sbin/tc qdisc add dev $dev_max root handle 1 htb default 0 r2q 1
/sbin/tc class add dev $dev_max parent 1: classid 1:2 htb rate ${max}Kbit burst 15k
echo -n " $dev_max"
done
echo " .... hotovo"
echo -n "HTB: Nastavuji omezovaci pravidla "
for rule in `cat /etc/htb/rule_htb.conf|sed /"^#"/d|grep -v "maxpropust"|awk {'print $1"-"$2"-"$3"-"$4"-"$5"-"$6"-"$7'}`; do
echo -n "."
ip=`echo $rule|tr "-" " "|awk {'print $1'}`
# echo $ip
inet_dev=`echo $rule|tr "-" " "|awk {'print $2'}`
local_dev=`echo $rule|tr "-" " "|awk {'print $3'}`
in_line=`echo $rule|tr "-" " "|awk {'print $4'}`
out_line=`echo $rule|tr "-" " "|awk {'print $5'}`
sn=`echo $rule|tr "-" " "|awk {'print $6'}`
prim_slav=`echo $rule|tr "-" " "|awk {'print $7'}`
if [ "$local_dev" != "" ] ; then
iptables -t mangle -A FORWARD -o $inet_dev -s $ip -j MARK --set-mark 1${sn}399
iptables -t mangle -A FORWARD -o $inet_dev -s $ip -p icmp -j MARK --set-mark 1${sn}000
iptables -t mangle -A FORWARD -o $inet_dev -s $ip -p tcp -m tcp --sport 22 -j MARK --set-mark 1${sn}122
iptables -t mangle -A FORWARD -o $inet_dev -s $ip -p tcp -m tcp --dport 22 -j MARK --set-mark 1${sn}122
iptables -t mangle -A FORWARD -o $inet_dev -s $ip -p tcp -m multiport --dports 80,110,25,143,443,42 -j MARK --set-mark 1${sn}425
iptables -t mangle -A FORWARD -o $inet_dev -s $ip -p udp -m udp --dport 53 -j MARK --set-mark 1${sn}425
iptables -t mangle -A FORWARD -o $local_dev -d $ip -j MARK --set-mark ${sn}399
iptables -t mangle -A FORWARD -o $local_dev -d $ip -p icmp -j MARK --set-mark ${sn}000
iptables -t mangle -A FORWARD -o $local_dev -d $ip -p tcp -m tcp --sport 22 -j MARK --set-mark ${sn}122
iptables -t mangle -A FORWARD -o $local_dev -d $ip -p tcp -m tcp --dport 22 -j MARK --set-mark ${sn}122
iptables -t mangle -A FORWARD -o $local_dev -d $ip -p tcp -m multiport --sports 80,110,25,143,443,42 -j MARK --set-mark ${sn}425
iptables -t mangle -A FORWARD -o $local_dev -d $ip -p udp -m udp --sport 53 -j MARK --set-mark ${sn}425
fi
if [ "$prim_slav" == "p" ] ; then
poc_par=$(($poc_par+1))
tc class add dev $inet_dev parent 1:2 classid 1:1${poc_par} htb rate ${out_line}Kbit burst 15k
tc qdisc add dev $inet_dev parent 1:1${poc_par} handle 1${poc_par}:0 prio bands 4 priomap 0 0 0 1 1 1 2 2 2 3 3 3 3 3 3 3
tc qdisc add dev $inet_dev parent 1${poc_par}:1 handle 9${poc_par}1:0 sfq perturb 5
tc filter add dev $inet_dev parent 1:0 protocol ip prio 0 handle 1${sn}000 fw flowid 1:1${poc_par}
tc filter add dev $inet_dev parent 1${poc_par}:0 protocol ip prio 0 handle 1${sn}000 fw flowid 1${poc_par}:1
tc qdisc add dev $inet_dev parent 1${poc_par}:2 handle 9${poc_par}2:0 sfq perturb 5
tc filter add dev $inet_dev parent 1:0 protocol ip prio 0 handle 1${sn}122 fw flowid 1:1${poc_par}
tc filter add dev $inet_dev parent 1${poc_par}:0 protocol ip prio 0 handle 1${sn}122 fw flowid 1${poc_par}:2
tc qdisc add dev $inet_dev parent 1${poc_par}:3 handle 9${poc_par}3:0 sfq perturb 5
tc filter add dev $inet_dev parent 1:0 protocol ip prio 20 handle 1${sn}425 fw flowid 1:1${poc_par}
tc filter add dev $inet_dev parent 1${poc_par}:0 protocol ip prio 20 handle 1${sn}425 fw flowid 1${poc_par}:3
tc qdisc add dev $inet_dev parent 1${poc_par}:4 handle 9${poc_par}4:0 sfq perturb 5
tc filter add dev $inet_dev parent 1:0 protocol ip prio 200 handle 1${sn}399 fw flowid 1:1${poc_par}
tc filter add dev $inet_dev parent 1${poc_par}:0 protocol ip prio 200 handle 1${sn}399 fw flowid 1${poc_par}:4
tc class add dev $local_dev parent 1:2 classid 1:1${poc_par} htb rate ${in_line}Kbit burst 15k
tc qdisc add dev $local_dev parent 1:1${poc_par} handle 1${poc_par}:0 prio bands 4 priomap 0 0 0 1 1 1 2 2 2 3 3 3 3 3 3 3
tc qdisc add dev $local_dev parent 1${poc_par}:1 handle 9${poc_par}1:0 sfq perturb 5
tc filter add dev $local_dev parent 1:0 protocol ip prio 0 handle ${sn}000 fw flowid 1:1${poc_par}
tc filter add dev $local_dev parent 1${poc_par}:0 protocol ip prio 0 handle ${sn}000 fw flowid 1${poc_par}:1
tc qdisc add dev $local_dev parent 1${poc_par}:2 handle 9${poc_par}2:0 sfq perturb 5
tc filter add dev $local_dev parent 1:0 protocol ip prio 0 handle ${sn}122 fw flowid 1:1${poc_par}
tc filter add dev $local_dev parent 1${poc_par}:0 protocol ip prio 0 handle ${sn}122 fw flowid 1${poc_par}:2
tc qdisc add dev $local_dev parent 1${poc_par}:3 handle 9${poc_par}3:0 sfq perturb 5
tc filter add dev $local_dev parent 1:0 protocol ip prio 20 handle ${sn}425 fw flowid 1:1${poc_par}
tc filter add dev $local_dev parent 1${poc_par}:0 protocol ip prio 20 handle ${sn}425 fw flowid 1${poc_par}:3
tc qdisc add dev $local_dev parent 1${poc_par}:4 handle 9${poc_par}4:0 sfq perturb 5
tc filter add dev $local_dev parent 1:0 protocol ip prio 200 handle ${sn}399 fw flowid 1:1${poc_par}
tc filter add dev $local_dev parent 1${poc_par}:0 protocol ip prio 200 handle ${sn}399 fw flowid 1${poc_par}:4
fi
done
echo " hotovo"
echo "HTB: Omezovani je spusteno"
30.10.2006 09:09
n3oklan | skóre: 4
| blog: n3oklan
| Rumburk
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.