自定义规则如下
#!/bin/sh
# Rebuilds the ipfw ruleset of a NAT gateway. ipfw evaluates rules in ascending
# rule-number order (first match wins), not in the order the commands appear
# in this script.
# Drop every existing rule; -q keeps ipfw quiet. Until the rules below are
# re-added, only the kernel's default rule (65535) is in effect.
ipfw -q flush
# Bandwidth cap referenced only by the (currently commented-out) pipe
# configurations near the end. The unit is kilobits per second:
# 400Kbit/s is roughly 50 KByte/s.
fluxSize="400Kbit/s"
# Hand every IP packet crossing vr0 to natd for address translation
# (vr0 is presumably the external interface; confirm). The rule is numbered
# 400, so the IP-option filters 1-4 below are evaluated before it even though
# this command is issued first.
ipfw add 00400 divert natd ip from any to any via vr0
# Reject and log packets carrying the IP options record-route (rr),
# timestamp (ts), strict source route (ssrr) or loose source route (lsrr).
# `log` only produces output when net.inet.ip.fw.verbose is enabled.
ipfw add 00001 deny log ip from any to any ipoptions rr
ipfw add 00002 deny log ip from any to any ipoptions ts
ipfw add 00003 deny log ip from any to any ipoptions ssrr
ipfw add 00004 deny log ip from any to any ipoptions lsrr
# Disabled: would drop inbound TCP segments with both SYN and FIN set.
# NOTE(review): ipfw spells this option as one word, `tcpflags`; as written
# the rule would likely fail to parse. Confirm before enabling.
#ipfw add 00005 deny tcp from any to any in tcp flags syn,fin
###### TCP ######
# Match packets against the dynamic rules created by keep-state.
ipfw add 19997 check-state
# Outbound connection attempts (setup = SYN set, ACK clear) create a dynamic
# rule, so the replies are accepted by check-state above.
ipfw add 19998 allow tcp from any to any out keep-state setup
# Any other outbound TCP is passed without creating state.
ipfw add 19999 allow tcp from any to any out
# Disabled experiment: 20Kbit/s pipes for traffic to and from port 80 on
# 192.168.0.254.
#ipfw add 901 pipe 1 tcp from any to 192.168.0.254 80
#ipfw pipe 1 config bw 20Kbit/s
#ipfw add 902 pipe 2 tcp from 192.168.0.254 80 to any
#ipfw pipe 2 config bw 20Kbit/s
###### UDP ######
# Accept UDP arriving on vr0 with source port 53 (DNS replies) addressed to
# any of this machine's own addresses.
# NOTE(review): the rule is stateless and the source port is chosen by the
# sender, so any remote host sending from port 53 reaches every UDP port on
# this machine. Adding keep-state to the outbound UDP rule would admit only
# replies to queries that were actually sent.
ipfw add 20001 allow udp from any 53 to me in recv vr0
# Accept UDP to port 53 on 123.185.9.251 arriving on vr0 (presumably a name
# server reached through this gateway; confirm).
ipfw add 20002 allow udp from any to 123.185.9.251 53 in recv vr0
# All outbound UDP is passed without creating state.
ipfw add 29999 allow udp from any to any out
# Disabled experiment: 20Kbit/s pipes for UDP from and to 192.168.0.254.
#ipfw add 903 pipe 3 udp from 192.168.0.254 to any
#ipfw pipe 3 config bw 20Kbit/s
#ipfw add 904 pipe 4 udp from any to 192.168.0.254
#ipfw pipe 4 config bw 20Kbit/s
###### ICMP ######
# Destination unreachable (type 3) and source quench (type 4) are accepted in
# either direction; type 3 is needed for path-MTU discovery.
ipfw add 30000 allow icmp from any to any icmptypes 3
ipfw add 30001 allow icmp from any to any icmptypes 4
# Ping is allowed outward only: echo requests (8) may leave, echo replies (0)
# may return. No rule in this group accepts inbound echo requests.
ipfw add 30002 allow icmp from any to any icmptypes 8 out
ipfw add 30003 allow icmp from any to any icmptypes 0 in
# Time exceeded (11) inbound, as returned to traceroute probes.
ipfw add 30004 allow icmp from any to any icmptypes 11 in
###### LAN ######
# Pass every packet whose source or destination lies in 192.168.0.0/16.
# NOTE(review): neither rule names an interface or a direction, so both also
# match on vr0. A packet arriving there with a forged 192.168.x.x source is
# accepted by 40000, and 40001 accepts whatever natd has rewritten to an
# internal address. Binding both rules to the LAN interface (its name is not
# shown in this script) and denying 192.168.0.0/16 sources inbound on vr0
# would close this; confirm the topology first.
# NOTE(review): there is no explicit final deny. Unmatched packets reach the
# default rule 65535, which is deny unless the kernel was built with
# IPFIREWALL_DEFAULT_TO_ACCEPT.
ipfw add 40000 allow all from 192.168.0.0/16 to any
ipfw add 40001 allow all from any to 192.168.0.0/16
######rules######
# Per-host traffic shaping, currently disabled. Each host gets one pipe per
# direction, limited to ${fluxSize}; <MAC-address> is a placeholder for the
# host's hardware address.
# NOTE(review), points to confirm before re-enabling:
#  - ipfw's syntax is `MAC dst-mac src-mac` (destination first), so check that
#    each out/in rule has the host's address in the intended position.
#  - MAC matching only applies to packets that reach ipfw at layer 2, which
#    requires sysctl net.link.ether.ipfw=1. With it set, every rule in the set
#    is also evaluated for those layer-2 packets.
#  - With net.inet.ip.fw.one_pass=1 a packet leaving a pipe is accepted at once
#    and skips all higher-numbered rules, including check-state.
#  - 400Kbit/s is about 50 KByte/s, so a measured download rate near 40K
#    (if that figure is KByte/s) is what this limit should produce.
#  - The last four lines repeat rule numbers 933/934 and pipes 33/34.
#ipfw add 905 pipe 5 MAC <MAC-address> any out
#ipfw add 906 pipe 6 MAC any <MAC-address> in
#ipfw pipe 5 config bw ${fluxSize}
#ipfw pipe 6 config bw ${fluxSize}
#ipfw add 907 pipe 7 MAC <MAC-address> any out
#ipfw add 908 pipe 8 MAC any <MAC-address> in
#ipfw pipe 7 config bw ${fluxSize}
#ipfw pipe 8 config bw ${fluxSize}
#ipfw add 909 pipe 9 MAC <MAC-address> any out
#ipfw add 910 pipe 10 MAC any <MAC-address> in
#ipfw pipe 9 config bw ${fluxSize}
#ipfw pipe 10 config bw ${fluxSize}
#ipfw add 911 pipe 11 MAC <MAC-address> any out
#ipfw add 912 pipe 12 MAC any <MAC-address> in
#ipfw pipe 11 config bw ${fluxSize}
#ipfw pipe 12 config bw ${fluxSize}
#ipfw add 913 pipe 13 MAC <MAC-address> any out
#ipfw add 914 pipe 14 MAC any <MAC-address> in
#ipfw pipe 13 config bw ${fluxSize}
#ipfw pipe 14 config bw ${fluxSize}
#ipfw add 915 pipe 15 MAC <MAC-address> any out
#ipfw add 916 pipe 16 MAC any <MAC-address> in
#ipfw pipe 15 config bw ${fluxSize}
#ipfw pipe 16 config bw ${fluxSize}
#ipfw add 917 pipe 17 MAC <MAC-address> any out
#ipfw add 918 pipe 18 MAC any <MAC-address> in
#ipfw pipe 17 config bw ${fluxSize}
#ipfw pipe 18 config bw ${fluxSize}
#ipfw add 919 pipe 19 MAC <MAC-address> any out
#ipfw add 920 pipe 20 MAC any <MAC-address> in
#ipfw pipe 19 config bw ${fluxSize}
#ipfw pipe 20 config bw ${fluxSize}
#ipfw add 921 pipe 21 MAC <MAC-address> any out
#ipfw add 922 pipe 22 MAC any <MAC-address> in
#ipfw pipe 21 config bw ${fluxSize}
#ipfw pipe 22 config bw ${fluxSize}
#ipfw add 923 pipe 23 MAC <MAC-address> any out
#ipfw add 924 pipe 24 MAC any <MAC-address> in
#ipfw pipe 23 config bw ${fluxSize}
#ipfw pipe 24 config bw ${fluxSize}
#ipfw add 925 pipe 25 MAC <MAC-address> any out
#ipfw add 926 pipe 26 MAC any <MAC-address> in
#ipfw pipe 25 config bw ${fluxSize}
#ipfw pipe 26 config bw ${fluxSize}
#ipfw add 927 pipe 27 MAC <MAC-address> any out
#ipfw add 928 pipe 28 MAC any <MAC-address> in
#ipfw pipe 27 config bw ${fluxSize}
#ipfw pipe 28 config bw ${fluxSize}
#ipfw add 929 pipe 29 MAC <MAC-address> any out
#ipfw add 930 pipe 30 MAC any <MAC-address> in
#ipfw pipe 29 config bw ${fluxSize}
#ipfw pipe 30 config bw ${fluxSize}
#ipfw add 931 pipe 31 MAC <MAC-address> any out
#ipfw add 932 pipe 32 MAC any <MAC-address> in
#ipfw pipe 31 config bw ${fluxSize}
#ipfw pipe 32 config bw ${fluxSize}
#ipfw add 933 pipe 33 MAC <MAC-address> any out
#ipfw add 934 pipe 34 MAC any <MAC-address> in
#ipfw pipe 33 config bw ${fluxSize}
#ipfw pipe 34 config bw ${fluxSize}
#ipfw add 933 pipe 33 MAC <MAC-address> any out
#ipfw add 934 pipe 34 MAC any <MAC-address> in
#ipfw pipe 33 config bw ${fluxSize}
#ipfw pipe 34 config bw ${fluxSize}
我找了一台机器测试,下载速度在40K左右,但打开某些网页速度很慢,而且还有没限制的机器上网也很慢,不知道是不是和规则有关,请高手指点(现在暂时把规则屏蔽了)。