- 论坛徽章:
- 0
|
table <work_ip> {192.168.10.0/24}
deny_ports="{135, 137, 138, 139, 445}"
deny_address="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
boss_net="{192.168.10.240/28}
altq on $int_if cbq bandwidth 100% queue {work_ip,boss_net}
queue work_ip bandwidth 95%(default)
queue boss_net bandwidth 5% cbq(red)
pass in on $int_if inet from <work_ip> to any keep state \
(source-track rule, max-src-nodes 200, max-src-states 200, tcp.established 60, tcp.closing 5) queue low_in
pass in on $int_if inet from $boss_net to any keep state \
(source-track rule, max-src-nodes 200, max-src-states 200, tcp.established 60, tcp.closing 5) queue hi_in
#pass in on $int_if inet from $my_net to any keep state \
(source-track rule, max-src-nodes 200, max-src-states 200, tcp.established 60, tcp.closing 5) queue my_in
这样做集休限速,单IP线程,对吗。。。 |
|