用shell脚本自动添加基于mac地址的流量限制
在使用fw和u32过滤器限制基于客户mac地址的上传和下载速率时,由于客户端经常有新电脑接入,为了添加新的规则,经常要比较mac地址,为了省事写了个脚本自动添加未纳入限制的mac地址的新规则。
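#!/bin/sh
#
# Add traffic-shaping rules for LAN clients (seen in the ARP table on eth2)
# that are not rate-limited yet.
#
#   1. Collect the MAC addresses currently in the ARP table for eth2.
#   2. Drop the ones already referenced by "-m mac" rules in the iptables
#      mangle table (fw classifier) or by u32 filters on eth2.
#   3. Generate the iptables/tc commands for the remaining addresses and run
#      the u32 command list.
#
# Security notes:
#   * The script runs as root and executes a command list it generates, so
#     every scratch file lives in a private mktemp directory (mode 0700).
#     Fixed names such as /tmp/u32macadd can be pre-created or symlinked by
#     any local user.
#   * Every MAC address is format-checked before it is pasted into a
#     generated command line.
#   * A client can change its MAC address, so these limits are a
#     traffic-shaping convenience and not an access control.
#   * When scheduling this from cron, keep the script itself in a root-owned
#     directory rather than a world-writable one.

set -u
umask 077

workdir=$(mktemp -d "${TMPDIR:-/tmp}/addmac.XXXXXX") || exit 1
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

arp_list=$workdir/tt
fw_new=$workdir/fwmac
u32_new=$workdir/u32mac
marks=$workdir/max
fw_script=$workdir/fwmacadd
u32_script=$workdir/u32macadd

# get fw unload mac
# -n skips reverse DNS lookups. Only well-formed aa:bb:cc:dd:ee:ff values are
# kept; rows without a hardware address (e.g. incomplete entries) would
# otherwise put some other column into $3.
arp -n | grep eth2 |
  awk '$3 ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/ && length($3) == 17 {
    print $3 "\t" $1
  }' > "$arp_list"

# "#"-separated list of the MAC addresses that already have a mangle rule.
EE=$(iptables -L -t mangle | grep MAC | awk '{ printf "%s#", $7 }')

# Literal, case-insensitive lookup: the tools may print hex digits in
# different case (assumption - verify on the target system).
awk -v known="$EE" '!index(toupper(known), toupper($1)) { print $1 }' \
  "$arp_list" > "$fw_new"

# get u32 unload mac
# Each filter contributes two "match" lines: the 32-bit value at -12 and the
# 16-bit value that the filter below adds with "at -14" (presumably listed by
# tc as the low half of the word at -16). They are glued back together into
# "#<12 hex digits>" entries.
DD=$(tc filter ls dev eth2 |
  grep -E 'at -16|at -12' |
  awk '{
    if (NR % 2 == 1) {
      macstr = substr($2, 1, 8) macstr
    } else {
      macstr = "#" substr($2, 5, 4) macstr
    }
  }
  END { print macstr }')

# The original passed the return value of gsub() (a substitution count) to
# match() instead of the colon-free address, so the lookup never compared
# MAC addresses. Strip the colons first, then search for the result.
awk -v known="$DD" '{
  mac = $1
  gsub(":", "", mac)
  if (!index(tolower(known), tolower(mac))) print mac
}' "$arp_list" > "$u32_new"

# get max mark
iptables -L -t mangle | grep MARK | awk '{ print $10 }' > "$marks"

max=0
while read -r mark; do
  mark=${mark%%/*} # some iptables versions print value/mask
  case $mark in
    0[xX]*)
      case ${mark#0[xX]} in
        '' | *[!0-9a-fA-F]*) continue ;;
      esac
      ;;
    '' | *[!0-9]*) continue ;;
  esac
  # $mark is now known to be a plain decimal or 0x-prefixed hex constant.
  value=$(($mark))
  if [ "$value" -gt "$max" ]; then
    max=$value
  fi
done < "$marks"

# make fwscript
fw_num=$((max + 1))

# The root qdisc/class on eth0 is created only if class 100:1 is missing.
if tc class ls dev eth0 | grep 100:1 > /dev/null 2>&1; then
  first=0
else
  first=1
fi

awk -v v2="$fw_num" -v v3="$first" '
BEGIN {
  speed = "80"
  rul1_1 = "iptables -A PREROUTING -t mangle -m mac --mac-source "
  rul1_2 = " -j MARK --set-mark "
  rul2_1 = "tc class add dev eth0 parent 100:1 classid 100:"
  rul2_2 = " cbq bandwidth 10Mbit rate "
  rul2_3 = "Kbit allot 1513 weight 8Kbit prio 6 maxburst 8 avpkt 1000 bounded"
  rul3_1 = "tc qdisc add dev eth0 parent 100:"
  rul3_2 = " sfq quantum 1514b perturb 15"
  rul4_1 = "tc filter add dev eth0 parent 100:0 protocol ip prio 3 handle "
  rul4_2 = " fw classid 100:"
  rul5_2 = "tc qdisc add dev eth0 root handle 100: cbq bandwidth 10Mbit avpkt 1000"
  rul5_3 = "tc class add dev eth0 parent 100:0 classid 100:1 cbq bandwidth 10Mbit rate 10Mbit allot 1514 weight 60Kbit prio 8 maxburst 8 avpkt 1000 bounded"
}
{
  if (v3 == 1 && NR == 1) {
    print rul5_2 "\n" rul5_3
  }
  # The packet mark is the current counter, the class id the next value.
  mark = v2
  v2++
  print rul1_1 $1 rul1_2 mark "\n" rul2_1 v2 rul2_2 speed rul2_3 "\n" rul3_1 v2 rul3_2 "\n" rul4_1 mark rul4_2 v2 "\n"
}' "$fw_new" > "$fw_script"

# The original leaves this step disabled, so the fw rules are generated but
# not applied.
# NOTE(review): the u32 class ids below start from the highest iptables mark;
# if the fw rules are never applied that number does not grow between runs -
# confirm this is intended.
# sh "$fw_script"

# make u32script
# The root qdisc/class on eth2 is created only if class 200:1 is missing.
if tc class ls dev eth2 | grep 200:1 > /dev/null 2>&1; then
  first1=0
else
  first1=1
fi

awk -v v4="$fw_num" -v v5="$first1" '
BEGIN {
  speed2 = "700"
  rul6_1 = "tc qdisc add dev eth2 root handle 200: cbq bandwidth 10Mbit avpkt 1000"
  rul6_2 = "tc class add dev eth2 parent 200:0 classid 200:1 cbq bandwidth 10Mbit rate 40000Kbit allot 1514 weight 200Kbit prio 8 maxburst 8 avpkt 1000 bounded"
  rul7_1 = "tc class add dev eth2 parent 200:1 classid 200:"
  rul7_2 = " cbq bandwidth 10Mbit rate "
  rul7_3 = "Kbit allot 1513 weight 60Kbit prio 5 maxburst 8 avpkt 1000 bounded"
  rul8_1 = "tc qdisc add dev eth2 parent 200:"
  rul8_2 = " sfq quantum 1514b perturb 15"
  rul9_1 = "tc filter add dev eth2 parent 200:0 protocol ip prio 5 u32 match u16 0x0800 0xffff at -2 match u32 0x"
  rul9_2 = " 0xffffffff at -12 match u16 0x"
  rul9_3 = " 0xffff at -14 flowid 200:"
}
{
  if (v5 == 1 && NR == 1) {
    print rul6_1 "\n" rul6_2 "\n"
  }
  v4 = v4 + 1
  # $1 is a colon-free MAC: hex digits 5-12 feed the 32-bit match and
  # digits 1-4 the 16-bit match.
  print rul7_1 v4 rul7_2 speed2 rul7_3 "\n" rul8_1 v4 rul8_2 "\n" rul9_1 substr($1, 5, 8) rul9_2 substr($1, 1, 4) rul9_3 v4 "\n"
}' "$u32_new" > "$u32_script"

# Run the generated command list from the private directory; the EXIT trap
# removes all scratch files afterwards.
sh "$u32_script"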
可以通过 crontab -e 把该脚本加入定时任务(下面的例子每 6 分钟执行一次):
*/6 * * * * /tmp/addmac