脚本1:
限制会话数
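#!/bin/sh
# Per-source-address connection limit for forwarded traffic.
# For each host 192.168.0.<IPS>.. arriving on IDEV, reject a new connection
# through the FORWARD chain once that host already has 2 in flight.
# Rules are appended (-A), so running the script twice duplicates them;
# delete or flush the old rules before re-running.
INET=192.168.0.   # network prefix; the host octet is appended below
IPS=1             # first host octet
IPE=253           # loop stops *before* this octet (see NOTE below)
IDEV=eth1         # interface the limited hosts sit behind
ODEV=eth0         # not used by this script; kept for symmetry with the tc script

# NOTE(review): with -lt the host .253 gets no rule; the companion tc script
# treats IPE as inclusive (-le) — confirm which bound is intended.
# NOTE: `iplimit` is an out-of-tree match; on current kernels the in-tree
# equivalent is `-m connlimit --connlimit-above 2`.
COUNTER=$IPS
while [ "$COUNTER" -lt "$IPE" ]; do
  iptables -A FORWARD -i "$IDEV" -s "${INET}${COUNTER}" \
    -m iplimit --iplimit-above 2 -j REJECT
  COUNTER=$((COUNTER + 1))
done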
限制经过本机 FORWARD 链的 192.168.0.0/24 网段中每个 IP 的并发连接数不超过 2 个，超过的连接会被拒绝
脚本2:
针对每个ip限制带宽
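#!/bin/bash
# Per-host bandwidth limits for 192.168.0.<IPS>..<IPE>.
# Topology assumed: IDEV (eth1) faces the limited hosts, ODEV (eth0) faces the
# uplink.  "Download" is traffic leaving IDEV towards a host, classified by
# destination address; "upload" is traffic leaving ODEV, classified by a
# firewall mark that the mangle/PREROUTING rules set from the source address.
# The script only runs tc/iptables and prints nothing; it must run as root.

# Start from a clean slate.  Deleting a qdisc that does not exist yet fails,
# and that error is expected and silenced on purpose.
for dev in eth0 eth1; do
  tc qdisc del dev "$dev" root 2>/dev/null
  tc qdisc del dev "$dev" ingress 2>/dev/null
done

DOWNLOAD=128Kbit  # per-host rate towards the host (leaving IDEV)
UPLOAD=128Kbit    # per-host rate from the host (leaving ODEV)
INET=192.168.0.   # network prefix; the host octet is appended
IPS=1             # first host octet (inclusive)
IPE=253           # last host octet (inclusive)
IDEV=eth1
ODEV=eth0

# Root CBQ qdisc per interface, plus the one top-level class that every
# per-host class hangs from.
tc qdisc add dev "$IDEV" root handle 10: cbq bandwidth 100Mbit avpkt 1000
tc qdisc add dev "$ODEV" root handle 20: cbq bandwidth 100Mbit avpkt 1000
tc class add dev "$IDEV" parent 10:0 classid 10:1 cbq bandwidth 100Mbit \
  rate 100Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000
tc class add dev "$ODEV" parent 20:0 classid 20:1 cbq bandwidth 100Mbit \
  rate 100Mbit allot 1514 weight 1024Kbit prio 8 maxburst 20 avpkt 1000

#######################################
# Bounded CBQ leaf + SFQ for one host on IDEV, selected by destination
# address.  Class ids are built as 10:1<octet>: octet 1 -> 10:11,
# octet 253 -> 10:1253.
# Arguments: $1 - host octet
#######################################
add_download_class() {
  local octet=$1
  local classid="10:1${octet}"
  tc class add dev "$IDEV" parent 10:1 classid "$classid" cbq \
    bandwidth 100Mbit rate "$DOWNLOAD" allot 1514 weight 20Kbit prio 5 \
    maxburst 20 avpkt 1000 bounded
  tc qdisc add dev "$IDEV" parent "$classid" sfq quantum 1514b perturb 15
  tc filter add dev "$IDEV" parent 10:0 protocol ip prio 100 u32 \
    match ip dst "${INET}${octet}" flowid "$classid"
}

#######################################
# Same leaf/SFQ pair for one host on ODEV.  Traffic is selected by fw mark
# (the mark equals the host octet, see mark_host), not by address.
# NOTE(review): `bandwidth 1Mbit` here disagrees with the 100Mbit given to
# parent class 20:1 and to the download leaves; CBQ derives its idle-time
# estimates from it, so the value probably should match — confirm.
# Arguments: $1 - host octet
#######################################
add_upload_class() {
  local octet=$1
  local classid="20:1${octet}"
  tc class add dev "$ODEV" parent 20:1 classid "$classid" cbq \
    bandwidth 1Mbit rate "$UPLOAD" allot 1514 weight 4Kbit prio 5 \
    maxburst 20 avpkt 1000 bounded
  tc qdisc add dev "$ODEV" parent "$classid" sfq quantum 1514b perturb 15
  tc filter add dev "$ODEV" parent 20:0 protocol ip prio 100 \
    handle "$octet" fw classid "$classid"
}

#######################################
# Mark every packet a host sends in on IDEV with its host octet so the fw
# filter from add_upload_class can place it in that host's upload class.
# Unlike the tc state, mangle rules are not reset at the top of the script,
# so re-running appends duplicate MARK rules.
# Arguments: $1 - host octet
#######################################
mark_host() {
  local octet=$1
  iptables -t mangle -A PREROUTING -i "$IDEV" -s "${INET}${octet}" \
    -j MARK --set-mark "$octet"
}

for (( octet = IPS; octet <= IPE; octet++ )); do
  add_download_class "$octet"
done
for (( octet = IPS; octet <= IPE; octet++ )); do
  add_upload_class "$octet"
done
# Inclusive bound (<= IPE) to match the two class loops above: the original
# stopped one short (-lt), leaving host .253 with an upload class and fw
# filter but no MARK rule, so its upstream traffic was never shaped.
for (( octet = IPS; octet <= IPE; octet++ )); do
  mark_host "$octet"
done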