but how do I add that second range now: do I need to add another line like the last one, or can it be nested in that one, so as not to waste space
edit 2:
I solved it in a simpler way: the IP that should not be covered by the rule went to the end of the list, so I now have one contiguous IP range B)
Edited by eRd on 14-08-2007 00:19
WRT54GL v 1.1 Tomato Firmware 1.28.0005 108 ND VPN + 11 users on cable + 1 wifi
Netgear WNR3500L v1 @500MHz Tomato Firmware 1.28.0000 MIPSR2-108 K26 USB BTgui-VPN
PAP2T soft 5.1.6 LS / IPFON Zotac HD-ID11 (ION2),
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb default 99
tc class add dev br0 parent 1: classid 1:1 htb rate 5300kbit
$TCA parent 1:1 classid 1:10 htb rate 243kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 80kbit ceil 80kbit prio 0
$TCA parent 1:1 classid 1:12 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:13 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:14 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:15 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:16 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:17 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:18 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:19 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:20 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:21 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:22 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:23 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:24 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:25 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:26 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:27 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:28 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:29 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:30 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:31 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:32 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:99 htb rate 1kbit ceil 1kbit
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:10
$TFA parent 1:0 protocol ip prio 0 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:11
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:13
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:14
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:15
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:16
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:17
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:18
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:19
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:20
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:21
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:22
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:23
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:24
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:25
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:26
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:27
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:28
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:29
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:30
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:31
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x00 0xFFFF at -14 flowid 1:32
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
iptables -I FORWARD -m mac --mac-source [mac klienta] -p tcp -m connlimit --connlimit-above 200 -j DROP
it is a bit long, whichever way you look at it ;) So I would ask people who know the topic better to shorten it B)
I read around on the forum and came across a post by qba, and here is what came out of it ;) qba helped me a bit, but I am not sure whether everything is OK yet...
If you created IP address ranges then there is no problem. It should work - I don't know whether you generated this script yourself or with a generator, but creating ranges is the quickest and easiest way to shorten a script, sometimes by as much as 50-70%.
If it works, there is nothing to worry about.
after long testing and modifications (good thing I have a second WRT that is currently lying around waiting to be installed at my brother's) I have reached my goal, or at least so it seems to me ;)
here is the result:
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
TQA="tc qdisc add dev br0"
SFQ="sfq perturb 10"
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb default 99
tc class add dev br0 parent 1: classid 1:1 htb rate 5300kbit
$TCA parent 1:1 classid 1:10 htb rate 243kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 80kbit ceil 80kbit prio 0
$TCA parent 1:1 classid 1:12 htb rate 237kbit ceil 5300kbit prio 2
$TCA parent 1:1 classid 1:99 htb rate 1kbit ceil 1kbit
$TQA parent 1:10 handle 10: $SFQ
$TQA parent 1:11 handle 11: $SFQ
$TQA parent 1:12 handle 12: $SFQ
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:10
$TFA parent 1:0 protocol ip prio 0 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:11
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
$TFA parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x 0xFFFFFFFF at -12 match u16 0x 0xFFFF at -14 flowid 1:12
iptables -I FORWARD -m iprange --src-range 192.168.1.4-192.168.1.24 -p tcp -m connlimit --connlimit-above 200 -j DROP
I am just curious whether these classes will work properly, because it is not that easy to check...
I know the net works only for the MACs I want; it would still be worth checking whether the transfer limits work on the right computers, but I hope so.
Robsonn, if you can, tell me whether in these $TFA lines, if I put e.g. 1:12 at the end, it means that this MAC will get 237kb guaranteed and 5300 max? And can I do it like that, with 1:12 at the end of several lines? It looks sensible to me; I would ask you to take a look at whether the assumptions are met. I don't think it can be shortened any further ;)
Edited by eRd on 31-08-2007 12:46
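Added example, not part of the original posts: a POSIX sh way to build the repeated `$TFA` lines from a host table, splitting each destination MAC into the u16 value matched at -14 and the u32 value matched at -12, as the scripts above do. The helper names `mac_match` and `gen_filters` and all MAC addresses are constructed for illustration; the script only prints the tc commands and does not run them.

```shell
#!/bin/sh
# Added example: generate the u32 destination-MAC filters from a host table.
# All MAC addresses below are constructed sample values.

# Print the u32 match fragment for one MAC (aa:bb:cc:dd:ee:ff); return 1 if malformed.
mac_match() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    h='[0-9a-f][0-9a-f]'
    # Accept exactly six colon-separated hex octets, nothing else.
    case "$mac" in
        $h:$h:$h:$h:$h:$h) ;;
        *) return 1 ;;
    esac
    hex=$(printf '%s' "$mac" | tr -d ':')
    hi=$(printf '%s' "$hex" | cut -c1-4)    # first 2 bytes of the MAC -> offset -14
    lo=$(printf '%s' "$hex" | cut -c5-12)   # last 4 bytes of the MAC  -> offset -12
    printf 'match u16 0x0800 0xFFFF at -2 match u32 0x%s 0xFFFFFFFF at -12 match u16 0x%s 0xFFFF at -14' "$lo" "$hi"
}

# Read "MAC classid prio" lines on stdin and print one tc filter command per host.
gen_filters() {
    dev=$1
    while read -r mac classid prio; do
        [ -n "$mac" ] || continue
        m=$(mac_match "$mac") || { echo "bad MAC: $mac" >&2; return 1; }
        echo "tc filter add dev $dev parent 1:0 protocol ip prio $prio u32 $m flowid $classid"
    done
}

# Constructed host table: the last two hosts point at the same class 1:12.
HOSTS='02:00:00:00:00:10 1:10 2
02:00:00:00:00:11 1:11 0
02:00:00:00:00:12 1:12 2
02:00:00:00:00:13 1:12 2'

printf '%s\n' "$HOSTS" | gen_filters br0
```

Every host whose filter points at the same flowid is placed in the same HTB class, so those hosts share that class's rate and ceil rather than each getting their own.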