#!/bin/bash
start_routing(){
####
tc qdisc del dev eth0 root
tc qdisc add dev $DEV root handle 1: htb default 24
#########1.1
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:11 htb rate $[$UPLINK]kbit ceil ${UPLINK}kbit prio 1
######1.1.2
tc class add dev $DEV parent 1:1 classid 1:12 htb rate $[$UPLINK-150]kbit ceil ${UPLINK-50}kbit prio 2
##################1.2
tc class add dev $DEV parent 1: classid 1:2 htb rate $[$UPLINK-150]kbit prio 3
##################1.2.1
tc class add dev $DEV parent 1:2 classid 1:21 htb rate 100kbit ceil $[$UPLINK-150]kbit prio 4
tc class add dev $DEV parent 1:2 classid 1:22 htb rate 30kbit ceil $[$UPLINK-160]kbit prio 5
tc class add dev $DEV parent 1:2 classid 1:23 htb rate 15kbit ceil $[$UPLINK-170]kbit prio 6
tc class add dev $DEV parent 1:2 classid 1:24 htb rate 5kbit ceil $[$UPLINK-250]kbit prio 7
#
tc qdisc add dev $DEV parent 1:11 handle 111: sfq perturb 5
tc qdisc add dev $DEV parent 1:12 handle 112: sfq perturb 5
tc qdisc add dev $DEV parent 1:21 handle 121: sfq perturb 10
tc qdisc add dev $DEV parent 1:22 handle 122: sfq perturb 10
tc qdisc add dev $DEV parent 1:23 handle 133: sfq perturb 10
tc qdisc add dev $DEV parent 1:24 handle 124: sfq perturb 10
echo "done."
echo -n "Setting up Filters......"
#
#
tc filter add dev $DEV parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11
tc filter add dev $DEV parent 1:0 protocol ip prio 2 handle 2 fw classid 1:12
tc filter add dev $DEV parent 1:0 protocol ip prio 3 handle 3 fw classid 1:21
tc filter add dev $DEV parent 1:0 protocol ip prio 4 handle 4 fw classid 1:22
tc filter add dev $DEV parent 1:0 protocol ip prio 5 handle 5 fw classid 1:23
tc filter add dev $DEV parent 1:0 protocol ip prio 6 handle 6 fw classid 1:24
echo ".done"
################## gen lei she zhi wan cheng ###########
}
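#######################################
# Append one classification pair to mangle/PREROUTING: mark the matching
# packets, then RETURN so that no later rule re-marks them.
# Arguments: $1 - fwmark value; remaining arguments - iptables match options
#######################################
_mangle_mark() {
  local mark=$1
  shift
  iptables -t mangle -A PREROUTING "$@" -j MARK --set-mark "$mark"
  iptables -t mangle -A PREROUTING "$@" -j RETURN
}

#######################################
# Mark incoming packets so the tc fw filters can sort them into classes.
# These rules only set marks (MARK/RETURN targets): nothing is accepted or
# dropped here, so this is traffic classification, not a firewall policy.
# Rules are appended (-A), so calling this twice without flushing the mangle
# table duplicates every rule.
# Globals:   DEV (read) - interface whose remaining traffic gets mark 6
# Outputs:   "wan cheng biao shi" on stdout when finished
# Returns:   1 when DEV is not set; otherwise the status of the final echo
#######################################
start_mangle() {
  if [[ -z "${DEV:-}" ]]; then
    echo "start_mangle: DEV is not set" >&2
    return 1
  fi

  # New TCP connections (SYN set, RST and ACK clear) and ICMP (ping).
  _mangle_mark 1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN
  _mangle_mark 1 -p icmp

  # Small packets - disabled in the original. The length match counts bytes.
  #_mangle_mark 2 -p tcp -m length --length :64

  # FTP control and data.
  # Mark 8 (used for every --sport rule below) has no fw filter among the
  # handles 1-6 installed by start_routing, so that traffic ends up in the
  # htb default class 1:24.
  _mangle_mark 2 -p tcp -m tcp --dport ftp
  _mangle_mark 5 -p tcp -m tcp --dport ftp-data
  _mangle_mark 8 -p tcp -m tcp --sport ftp
  _mangle_mark 8 -p tcp -m tcp --sport ftp-data

  # SSH.
  _mangle_mark 1 -p tcp -m tcp --dport 22

  # DNS over UDP.
  _mangle_mark 1 -p udp -m udp --dport 53

  # HTTP.
  _mangle_mark 3 -p tcp -m tcp --dport 80
  _mangle_mark 8 -p tcp -m tcp --sport 80

  # HTTPS. The first rule was spelled "diptables" in the original, so it never
  # ran and the following RETURN let port-443 packets through unmarked.
  _mangle_mark 3 -p tcp -m tcp --dport 443
  _mangle_mark 8 -p tcp -m tcp --sport 443

  # MySQL.
  _mangle_mark 2 -p tcp -m tcp --dport 3306
  _mangle_mark 8 -p tcp -m tcp --sport 3306

  # Everything else that arrived on $DEV.
  iptables -t mangle -A PREROUTING -i "$DEV" -j MARK --set-mark 6
  echo "wan cheng biao shi"
}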
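#######################################
# Remove the shaping setup from $DEV.
# Globals:   DEV (read) - interface to clear
# Outputs:   progress text on stdout, errors on stderr
# Returns:   1 when DEV is not set; the status of tc when the root qdisc
#            cannot be removed; otherwise 0
#######################################
stop_routing() {
  if [[ -z "${DEV:-}" ]]; then
    echo "stop_routing: DEV is not set" >&2
    return 1
  fi
  echo -n "clear line all "
  # The original wrote "tc qdisc del $DEV root" (no "dev" keyword) and
  # "tc qdisc dev $DEV ingress" (no "del"), so neither command was valid.
  tc qdisc del dev "$DEV" root || return
  # start_routing installs no ingress qdisc, so there is usually nothing to
  # remove here; treat this step as best-effort.
  tc qdisc del dev "$DEV" ingress 2>/dev/null || true
  echo "clear line ok.."
}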
#######################################
# Flush the mangle table.
# -F is given without a chain name, so every chain of the mangle table is
# emptied, including rules that were not added by this script.
# Outputs:   progress text on stdout
# Returns:   the status of iptables when the flush fails, otherwise 0
#######################################
stop_mangle() {
  printf '%s' " stop mangle .iptables "
  iptables -t mangle -F || return
  echo " stop mangle ok... "
}
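##---------------------- script control ----------------------
# Init-style control: start, stop, restart and status for the shaping
# functions defined above. This section began as a copy of the yum
# nightly-update init script, which only touched a lock file and called
# success/failure helpers that this file never defines. It now drives
# start_routing/start_mangle and stop_routing/stop_mangle, and keeps the lock
# file as the "enabled" marker used by status and condrestart.
# DEV and UPLINK are read by the shaping functions and must be set before
# "start" is run.
RETVAL=0
# Red Hat init convention: one marker file per service under /var/lock/subsys.
lockfile=${lockfile:-/var/lock/subsys/${0##*/}}

# Enable shaping. Sets RETVAL to 0 on success and 1 on failure; RETVAL can
# only reflect what the shaping functions themselves return.
start() {
  echo -n "Enabling traffic shaping: "
  # start_mangle appends its rules, so a second start without a stop would
  # duplicate them.
  if [ -f "$lockfile" ]; then
    echo "already enabled"
    RETVAL=0
    return 0
  fi
  if start_routing && start_mangle && touch "$lockfile"; then
    RETVAL=0
    echo "OK"
  else
    RETVAL=1
    echo "FAILED"
  fi
}

# Disable shaping. Every step runs even when an earlier one failed; RETVAL is
# 1 when any of them failed. stop_mangle flushes the whole mangle table, so
# other mangle rules on this host are removed as well.
stop() {
  echo -n "Disabling traffic shaping: "
  RETVAL=0
  stop_mangle || RETVAL=1
  stop_routing || RETVAL=1
  rm -f "$lockfile" || RETVAL=1
  if [ "$RETVAL" -eq 0 ]; then
    echo "OK"
  else
    echo "FAILED"
  fi
}

# Stop, then start again.
restart() {
  stop
  start
}

# Dispatch on the action given as the first argument.
case "${1:-}" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart | force-reload)
    restart
    ;;
  reload)
    # no-op, kept from the original script
    ;;
  condrestart)
    # restart only when shaping is currently enabled
    if [ -f "$lockfile" ]; then
      restart
    fi
    ;;
  status)
    # Quoted on purpose: with an empty $lockfile an unquoted `[ -f ]` is
    # true and would report "enabled".
    if [ -f "$lockfile" ]; then
      echo "Traffic shaping is enabled."
      RETVAL=0
    else
      echo "Traffic shaping is disabled."
      RETVAL=3
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
    exit 1
    ;;
esac
exit "$RETVAL"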
有没有 CentOS 4.4 能用的控制脚本?有的话请推荐一下。另外我不会编程,要求简单一点,能停止、开启和重启就 OK 了。