Erinevus lehekülje "Freebsd traffic shaping" redaktsioonide vahel
Allikas: Kuutõrvaja
| 29. rida: | 29. rida: | ||
| näide pf altq traffic shapingust koos tulemüüriga | näide pf altq traffic shapingust koos tulemüüriga | ||
| − | ext_if="fxp1" | + |  ext_if="fxp1" | 
| − | int_if="fxp0" | + |  int_if="fxp0" | 
| − | + | ||
| − | sourcetrack="keep state" | + |  sourcetrack="keep state" | 
| − | set optimization aggressive | + |  set optimization aggressive | 
| − | + | ||
| − | scrub in all | + |  scrub in all | 
| − | + | ||
| − | + |  192.168.1.0/24 download | |
| − | altq on $int_if cbq bandwidth 100Mb queue if1 | + |  altq on $int_if cbq bandwidth 100Mb queue if1 | 
| − | queue if1 bandwidth 100% cbq(rio ecn default) { a1, a2, a3 } | + |  queue if1 bandwidth 100% cbq(rio ecn default) { a1, a2, a3 } | 
| − | queue a1 bandwidth 512Kb cbq(rio ecn) 3 | + |  queue a1 bandwidth 512Kb cbq(rio ecn) 3 | 
| − | queue a2 bandwidth 512Kb cbq(rio ecn) 4 | + |  queue a2 bandwidth 512Kb cbq(rio ecn) 4 | 
| − | queue a3 bandwidth 512Kb cbq(rio ecn) 5 | + |  queue a3 bandwidth 512Kb cbq(rio ecn) 5 | 
|   link1 uplink |   link1 uplink | ||
| − | altq on $ext_if cbq bandwidth 100Mb queue eif1 | + |  altq on $ext_if cbq bandwidth 100Mb queue eif1 | 
| − | queue eif1 bandwidth 100% cbq(rio ecn default) { b1, b2, b3 } | + |  queue eif1 bandwidth 100% cbq(rio ecn default) { b1, b2, b3 } | 
| − | queue b1 bandwidth 256Kb cbq(rio ecn) 7 | + |  queue b1 bandwidth 256Kb cbq(rio ecn) 7 | 
| − | queue b2 bandwidth 256Kb cbq(rio ecn) 4 | + |  queue b2 bandwidth 256Kb cbq(rio ecn) 4 | 
| − | queue b3 bandwidth 256Kb cbq(rio ecn) 5 | + |  queue b3 bandwidth 256Kb cbq(rio ecn) 5 | 
| − | + | ||
|   link1-nat |   link1-nat | ||
| − | nat on $ext_if from 192.168.1.1 to any tag pc1 -> ($ext_if) | + |  nat on $ext_if from 192.168.1.1 to any tag pc1 -> ($ext_if) | 
| − | nat on $ext_if from 192.168.1.2 to any tag pc2 -> ($ext_if) | + |  nat on $ext_if from 192.168.1.2 to any tag pc2 -> ($ext_if) | 
| − | nat on $ext_if from 192.168.1.3 to any tag pc3 -> ($ext_if) | + |  nat on $ext_if from 192.168.1.3 to any tag pc3 -> ($ext_if) | 
| − | + | ||
| − | block log all label "blocked" | + |  block log all label "blocked" | 
| − | pass quick on lo0 all | + |  pass quick on lo0 all | 
| − | + | ||
|   192.168.1.0/24 && 192.168.2.0/24 sisemiste interfacede ip'ni piiramatul kiirusel traffic |   192.168.1.0/24 && 192.168.2.0/24 sisemiste interfacede ip'ni piiramatul kiirusel traffic | ||
| − | pass quick all tagged intnat keep state | + |  pass quick all tagged intnat keep state | 
| − | pass quick from 192.168.1.0/24 to $int_if keep state | + |  pass quick from 192.168.1.0/24 to $int_if keep state | 
| − | pass quick from 192.168.0.0/24 to $int_if keep state | + |  pass quick from 192.168.0.0/24 to $int_if keep state | 
| − | pass quick from $int_if to 192.168.0.0/24 keep state | + |  pass quick from $int_if to 192.168.0.0/24 keep state | 
| − | pass quick from $int_if to 192.168.1.0/24 keep state | + |  pass quick from $int_if to 192.168.1.0/24 keep state | 
| − | + | ||
|   link1-download |   link1-download | ||
| − | pass in quick from 192.168.1.1 to any $sourcetrack queue a1 label 192_168_1_1_down | + |  pass in quick from 192.168.1.1 to any $sourcetrack queue a1 label 192_168_1_1_down | 
| − | pass in quick from 192.168.1.2 to any $sourcetrack queue a2 label 192_168_1_2_down | + |  pass in quick from 192.168.1.2 to any $sourcetrack queue a2 label 192_168_1_2_down | 
| − | pass in quick from 192.168.1.3 to any $sourcetrack queue a3 label 192_168_1_3_down | + |  pass in quick from 192.168.1.3 to any $sourcetrack queue a3 label 192_168_1_3_down | 
| − | + | ||
|   link1-upload |   link1-upload | ||
| − | pass out quick tagged pc1 $sourcetrack queue b1 label 192_168_1_1_up | + |  pass out quick tagged pc1 $sourcetrack queue b1 label 192_168_1_1_up | 
| − | pass out quick tagged pc2 $sourcetrack queue b2 label 192_168_1_2_up | + |  pass out quick tagged pc2 $sourcetrack queue b2 label 192_168_1_2_up | 
| − | pass out quick tagged pc3 $sourcetrack queue b3 label 192_168_1_3_up | + |  pass out quick tagged pc3 $sourcetrack queue b3 label 192_168_1_3_up | 
| − | + | ||
| − | pass in inet proto icmp all keep state | + |  pass in inet proto icmp all keep state | 
| − | pass out inet proto icmp all keep state | + |  pass out inet proto icmp all keep state | 
| − | + | ||
| − | + |  pass quick on $ext_if proto udp from $ext_if to any port 53 keep state | |
| − | pass quick on $ext_if proto udp from $ext_if to any port 53 keep state | + |  pass quick on $int_if proto udp from $ext_if to any port 53 keep state | 
| − | pass quick on $int_if proto udp from $ext_if to any port 53 keep state | ||
| − | |||
|   block nmap's fingerprinting attempt(FIN, URG, PSH) |   block nmap's fingerprinting attempt(FIN, URG, PSH) | ||
| − | block in quick on $ext_if inet proto tcp from any to any flags FUP/FUP | + |  block in quick on $ext_if inet proto tcp from any to any flags FUP/FUP | 
| − | + | ||
| − | pass in on $ext_if proto tcp from any to any port > 49151 keep state | + |  pass in on $ext_if proto tcp from any to any port > 49151 keep state | 
| − | + | ||
| − | pass in on $ext_if proto tcp from any to $ext_if port 22 keep state | + |  pass in on $ext_if proto tcp from any to $ext_if port 22 keep state | 
| − | pass in on $ext_if proto tcp from any to $ext_if port 21 keep state | + |  pass in on $ext_if proto tcp from any to $ext_if port 21 keep state | 
| − | pass in on $ext_if proto tcp from any to $ext_if port 80 keep state | + |  pass in on $ext_if proto tcp from any to $ext_if port 80 keep state | 
| − | + | ||
| − | pass in inet proto gre all keep state | + |  pass in inet proto gre all keep state | 
| − | pass out inet proto gre all keep state | + |  pass out inet proto gre all keep state | 
| − | + | ||
| − | pass quick proto ipv6 all keep state | + |  pass quick proto ipv6 all keep state | 
| − | pass quick on gif0 all | + |  pass quick on gif0 all | 
| − | + | ||
| − | + |  pass out on $ext_if proto { tcp, udp } all keep state | |
| − | pass out on $ext_if proto { tcp, udp } all keep state | ||
Redaktsioon: 6. august 2006, kell 14:04
ipfw ja dummynet
# Load the ipfw packet filter and the dummynet shaper as kernel modules.
# NOTE(review): unless the kernel was built to default to accept, a freshly
# loaded ipfw denies all traffic until rules are added. Load it from the
# console, or install the ruleset immediately afterwards.
kldload ipfw
kldload dummynet
#!/bin/sh
# Upload limiter built on ipfw + dummynet.
#
# The script shapes traffic only: its last rule allows everything, so it does
# no packet filtering and must not be taken for a firewall policy.

fw="/sbin/ipfw -q"

# Drop every existing rule and pipe before rebuilding.
# NOTE(review): if the kernel's default ipfw rule is deny, a remote session
# can be cut off should the script stop before the final allow rule is added.
$fw -f flush
$fw -f pipe flush

# Fixed-bandwidth pipes. Only pipe 1 is referenced by the rules below;
# pipes 2 and 3 are configured but unused in this script.
$fw pipe 1 config bw 55KB/s
$fw pipe 2 config bw 70KB/s
$fw pipe 3 config bw 12KB/s

# Rules 1-4: send traffic sourced from each LAN host through pipe 1.
# The pipe has no mask, so the four hosts share the 55KB/s between them.
rule=1
for host in 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5; do
    $fw add $rule pipe 1 ip from $host to any
    rule=$((rule + 1))
done

# Everything else (and, depending on net.inet.ip.fw.one_pass, packets leaving
# the pipe) is accepted here.
$fw add allow ip from any to any
lihtne skript piirab uploadi
pf ja altq
näide pf altq traffic shapingust koos tulemüüriga
# Interface macros: ext_if is the interface the nat and uplink-queue rules
# attach to, int_if the one facing the 192.168.x.x clients.
ext_if="fxp1"
int_if="fxp0"
# Despite its name this macro expands to a plain "keep state"; no
# source-tracking limits (e.g. max-src-states) are applied through it.
sourcetrack="keep state"
# Expire idle state entries sooner than the default profile does.
set optimization aggressive
# Normalise every inbound packet before the filter rules see it.
scrub in all
192.168.1.0/24 download
# CBQ scheduler on the internal interface. ALTQ queues packets as they leave
# an interface, so shaping here limits what is sent towards the LAN clients
# (their download).
altq on $int_if cbq bandwidth 100Mb queue if1
# Parent queue holding three per-client children; rio/ecn enable RED in/out
# with explicit congestion notification.
queue if1 bandwidth 100% cbq(rio ecn default) { a1, a2, a3 }
# One 512Kb child queue per client.
# NOTE(review): the trailing bare number has no keyword; pf.conf(5) spells
# queue priority as "priority N". Confirm the file parses with
# "pfctl -nf RULESET_FILE" (placeholder path) before loading it.
queue a1 bandwidth 512Kb cbq(rio ecn) 3
queue a2 bandwidth 512Kb cbq(rio ecn) 4
queue a3 bandwidth 512Kb cbq(rio ecn) 5
link1 uplink
# CBQ scheduler on the external interface: packets leaving towards the uplink
# (client upload) are queued here.
altq on $ext_if cbq bandwidth 100Mb queue eif1
# Parent queue with one child per client.
queue eif1 bandwidth 100% cbq(rio ecn default) { b1, b2, b3 }
# One 256Kb child queue per client.
# NOTE(review): as written the trailing number carries no "priority" keyword;
# check the syntax with "pfctl -nf RULESET_FILE" (placeholder path).
queue b1 bandwidth 256Kb cbq(rio ecn) 7
queue b2 bandwidth 256Kb cbq(rio ecn) 4
queue b3 bandwidth 256Kb cbq(rio ecn) 5
link1-nat
# Translate each listed client to the address of ext_if and tag the packet
# (pc1..pc3). After translation the private source address is gone, so the
# tag is what later rules can use to tell the clients apart.
# ($ext_if) in parentheses makes pf follow address changes on the interface.
# Only .1-.3 are translated; no other host has a nat rule here.
nat on $ext_if from 192.168.1.1 to any tag pc1 -> ($ext_if)
nat on $ext_if from 192.168.1.2 to any tag pc2 -> ($ext_if)
nat on $ext_if from 192.168.1.3 to any tag pc3 -> ($ext_if)
# Default deny with logging. The rule is not "quick", so any later matching
# pass rule overrides it (pf applies the last matching rule).
block log all label "blocked"
# Loopback traffic is never filtered.
pass quick on lo0 all
192.168.1.0/24 && 192.168.2.0/24 sisemiste interfacede ip'ni piiramatul kiirusel traffic
# NOTE(review): no rule visible on this page assigns the tag "intnat", so this
# rule matches nothing unless the tag is set elsewhere.
pass quick all tagged intnat keep state
# Unshaped traffic between the LAN ranges and the firewall's own int_if
# address(es), in both directions.
# NOTE(review): the heading above names 192.168.2.0/24, the rules use
# 192.168.0.0/24 - confirm which range is intended.
# NOTE(review): these rules name no interface or direction, so they match on
# address alone. Without an antispoof rule, a packet arriving on the external
# interface with a forged LAN source address would also match; placing
# "antispoof quick for $int_if" before them is the usual guard.
pass quick from 192.168.1.0/24 to $int_if keep state
pass quick from 192.168.0.0/24 to $int_if keep state
pass quick from $int_if to 192.168.0.0/24 keep state
pass quick from $int_if to 192.168.1.0/24 keep state
link1-download
# Per-client download shaping. Each rule matches the client's inbound packets
# and creates state; the queue assigned here (a1..a3, defined on int_if) then
# applies to that connection's packets sent back out towards the client.
# Labels give per-client counters (pfctl -s labels).
# NOTE(review): no interface is named, so the match is by source address on
# any interface; consider "on $int_if" so only LAN-side packets qualify.
pass in quick from 192.168.1.1 to any $sourcetrack queue a1 label 192_168_1_1_down
pass in quick from 192.168.1.2 to any $sourcetrack queue a2 label 192_168_1_2_down
pass in quick from 192.168.1.3 to any $sourcetrack queue a3 label 192_168_1_3_down
link1-upload
# Per-client upload shaping: outbound packets carrying a pcN tag (set by the
# nat rules) go to the matching queue b1..b3.
pass out quick tagged pc1 $sourcetrack queue b1 label 192_168_1_1_up
pass out quick tagged pc2 $sourcetrack queue b2 label 192_168_1_2_up
pass out quick tagged pc3 $sourcetrack queue b3 label 192_168_1_3_up
# ICMP in both directions on every interface.
# NOTE(review): no icmp-type is given, so every ICMP type is accepted from any
# source; restrict with icmp-type (e.g. echoreq, unreach) if only diagnostics
# are needed.
pass in inet proto icmp all keep state
pass out inet proto icmp all keep state
# DNS queries (UDP/53) sourced from the firewall's ext_if address.
# NOTE(review): the second rule matches on int_if but still uses the ext_if
# address as source - confirm this is intended rather than "from $int_if".
pass quick on $ext_if proto udp from $ext_if to any port 53 keep state
pass quick on $int_if proto udp from $ext_if to any port 53 keep state
block nmap's fingerprinting attempts (TCP packets with FIN, URG and PSH all set)
# Drop inbound TCP on ext_if that has FIN, URG and PSH all set. Only this one
# flag combination is rejected here; other malformed combinations fall through
# to the rules below.
block in quick on $ext_if inet proto tcp from any to any flags FUP/FUP
# Inbound TCP to ports above 49151, for ANY destination address.
# NOTE(review): presumably meant for passive-mode FTP data connections -
# confirm. As written it exposes every high TCP port reachable through
# ext_if; narrowing it to "to $ext_if" and to the FTP daemon's configured
# passive port range would reduce the exposure.
# NOTE(review): none of the TCP pass rules specify "flags S/SA". On pf versions
# where keep state does not imply it, any TCP packet (not just a SYN) can
# create state.
pass in on $ext_if proto tcp from any to any port > 49151 keep state
# Services on the firewall itself, open to any source: SSH, FTP control, HTTP.
# FTP carries credentials in cleartext; consider limiting the source
# addresses allowed to reach 21 and 22.
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in on $ext_if proto tcp from any to $ext_if port 21 keep state
pass in on $ext_if proto tcp from any to $ext_if port 80 keep state
# GRE in both directions on every interface, from and to any address.
pass in inet proto gre all keep state
pass out inet proto gre all keep state
# Protocol "ipv6" is IPv6-in-IPv4 encapsulation (IP protocol 41).
pass quick proto ipv6 all keep state
# NOTE(review): everything on gif0 (presumably the IPv6 tunnel interface) is
# passed without inspection, so traffic arriving over the tunnel is not
# filtered by this ruleset at all - confirm that is acceptable.
pass quick on gif0 all
# Any outbound TCP/UDP on ext_if is allowed and tracked.
pass out on $ext_if proto { tcp, udp } all keep state

