https://wiki.if.ufrgs.br/index.php?action=history&feed=atom&title=C%C3%B3pia_do_script_de_QoS
Cópia do script de QoS - Histórico de revisão
2026-06-16T11:39:57Z
Histórico de revisões para esta página neste wiki
MediaWiki 1.39.4
https://wiki.if.ufrgs.br/index.php?title=C%C3%B3pia_do_script_de_QoS&diff=315&oldid=prev
Magnos: Criou página com ' #!/bin/bash comando=$1 option=$2 controle() { ##- Carrega as variaveis -## variaveis ##------------------------## case $comando in firewall) iptables_script ;; qos) qos…'
2009-12-02T18:34:53Z
<p>Criou página com ' #!/bin/bash comando=$1 option=$2 controle() { ##- Carrega as variaveis -## variaveis ##------------------------## case $comando in firewall) iptables_script ;; qos) qos…'</p>
<p><b>Página nova</b></p><div> #!/bin/bash<br />
comando=$1<br />
option=$2<br />
controle() {<br />
##- Carrega as variaveis -##<br />
variaveis<br />
##------------------------##<br />
case $comando in<br />
firewall) iptables_script ;;<br />
qos) qos_script ;;<br />
*) echo "###- ERRO -### #- Comando de entrada errado para script de QoS. Usage: firewall; qos (start|stop|restart)"; exit 1 ;;<br />
esac<br />
}<br />
variaveis() {<br />
##- MARK adicionado aos pacotes<br />
MARKPRIO1="0x1" <br />
MARKPRIO2="0x2" <br />
MARKPRIO3="0x3" <br />
MARKPRIO4="0x4" <br />
MARKPRIO5="0x5" <br />
MARKPRIO6="0x6"<br />
##- Velocidades Limites Upload/Download<br />
download_limit='100000kbit'<br />
upload_limit='100000kbit'<br />
#- Download -#<br />
prio_1_band='36333kbit'<br />
prio_1_band_limit='100000kbit'<br />
prio_3_band='30333kbit'<br />
prio_3_band_limit='85000kbit'<br />
prio_5_band='30333kbit'<br />
prio_5_band_limit='75000kbit'<br />
#- Upload -#<br />
prio_2_band='36333kbit'<br />
prio_2_band_limit='100000kbit'<br />
prio_4_band='30333kbit'<br />
prio_4_band_limit='85000kbit'<br />
prio_6_band='30333kbit'<br />
prio_6_band_limit='75000kbit'<br />
## Interface de rede interna<br />
int_if='eth1'<br />
## Interface de rede externa<br />
ext_if='eth2'<br />
}<br />
<br />
iptables_script() {<br />
###- MARCANDO PACOTES para QoS - divisao de banda download/upload<br />
#<br />
####- Limpar Tabela MANGLE<br />
IPTABLES -t mangle -F<br />
IPTABLES -t mangle -X<br />
IPTABLES -t mangle -Z<br />
####- Prioridade 1<br />
#- ICMP"<br />
IPTABLES -t mangle -A PREROUTING -p icmp -j MARK --set-mark $MARKPRIO1<br />
########---- PRIORIDADES DE DOWNLOAD ----########<br />
####- Prioridade 1<br />
##- Cameras de vigilancia ADM<br />
#IP e Porta do servidor das cameras: 192.168.64.249.50450<br />
IPTABLES -t mangle -A PREROUTING -s 192.168.64.249 -j MARK --set-mark $MARKPRIO1<br />
IPTABLES -t mangle -A PREROUTING -d 192.168.64.0/24 -j MARK --set-mark $MARKPRIO1<br />
IPTABLES -t mangle -A PREROUTING -d 192.168.67.0/24 -j MARK --set-mark $MARKPRIO1<br />
#- DNS<br />
IPTABLES -t mangle -A PREROUTING -p udp --sport 53 -j MARK --set-mark $MARKPRIO1<br />
#- LDAP<br />
IPTABLES -t mangle -A PREROUTING -p udp --sport 389 -j MARK --set-mark $MARKPRIO1<br />
#- IMPRESSORAS<br />
IPTABLES -t mangle -A PREROUTING -p udp --sport 631 -j MARK --set-mark $MARKPRIO1<br />
IPTABLES -t mangle -A PREROUTING -s 10.0.0.1 -j MARK --set-mark $MARKPRIO1<br />
IPTABLES -t mangle -A PREROUTING -d 10.0.0.2 -j MARK --set-mark $MARKPRIO1<br />
IPTABLES -t mangle -A PREROUTING -d 10.0.0.3 -j MARK --set-mark $MARKPRIO1<br />
IPTABLES -t mangle -A PREROUTING -d 10.0.0.4 -j MARK --set-mark $MARKPRIO1<br />
####- Prioridade 3<br />
#- HTTP<br />
IPTABLES -t mangle -A PREROUTING -p tcp --sport 80 -j MARK --set-mark $MARKPRIO3<br />
IPTABLES -t mangle -A PREROUTING -p tcp --sport 8080 -j MARK --set-mark $MARKPRIO3<br />
#- HTTPS<br />
IPTABLES -t mangle -A PREROUTING -p tcp --sport 443 -j MARK --set-mark $MARKPRIO3<br />
#- Proxy<br />
IPTABLES -t mangle -A PREROUTING -p tcp --sport 3128 -j MARK --set-mark $MARKPRIO3<br />
<br />
####- Prioridade 5<br />
#- SSH<br />
IPTABLES -t mangle -A PREROUTING -p tcp --sport 22 -j MARK --set-mark $MARKPRIO5<br />
#- Todo o restante<br />
IPTABLES -t mangle -A PREROUTING -d 143.54.196.0/24 -j MARK --set-mark $MARKPRIO5<br />
IPTABLES -t mangle -A PREROUTING -d 143.54.197.0/24 -j MARK --set-mark $MARKPRIO5<br />
IPTABLES -t mangle -A PREROUTING -d 143.54.198.0/24 -j MARK --set-mark $MARKPRIO5<br />
IPTABLES -t mangle -A PREROUTING -d 143.54.199.0/24 -j MARK --set-mark $MARKPRIO5<br />
########---- FIM DAS PRIORIDADES DE DOWNLOAD ----########<br />
#<br />
########---- PRIORIDADES DE UPLOAD ----########<br />
####- Prioridade 2<br />
#- Cameras de vigilancia ADM<br />
#IP e Porta do servidor das cameras: 192.168.64.249.50450<br />
IPTABLES -t mangle -A PREROUTING -d 192.168.64.249 -j MARK --set-mark $MARKPRIO2<br />
IPTABLES -t mangle -A PREROUTING -s 192.168.64.0/24 -j MARK --set-mark $MARKPRIO2<br />
IPTABLES -t mangle -A PREROUTING -s 192.168.67.0/24 -j MARK --set-mark $MARKPRIO2<br />
#- DNS<br />
IPTABLES -t mangle -A PREROUTING -p udp --dport 53 -j MARK --set-mark $MARKPRIO2<br />
#- LDAP<br />
IPTABLES -t mangle -A PREROUTING -p udp --dport 389 -j MARK --set-mark $MARKPRIO2<br />
#- IMPRESSORAS<br />
IPTABLES -t mangle -A PREROUTING -p udp --dport 631 -j MARK --set-mark $MARKPRIO2<br />
IPTABLES -t mangle -A PREROUTING -d 10.0.0.1 -j MARK --set-mark $MARKPRIO2<br />
IPTABLES -t mangle -A PREROUTING -s 10.0.0.2 -j MARK --set-mark $MARKPRIO1<br />
IPTABLES -t mangle -A PREROUTING -s 10.0.0.3 -j MARK --set-mark $MARKPRIO1<br />
IPTABLES -t mangle -A PREROUTING -s 10.0.0.4 -j MARK --set-mark $MARKPRIO1<br />
<br />
####- Prioridade 4<br />
#- HTTP<br />
IPTABLES -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark $MARKPRIO4<br />
IPTABLES -t mangle -A PREROUTING -p tcp --dport 8080 -j MARK --set-mark $MARKPRIO4<br />
#- HTTPS<br />
IPTABLES -t mangle -A PREROUTING -p tcp --dport 443 -j MARK --set-mark $MARKPRIO4<br />
#- Proxy<br />
IPTABLES -t mangle -A PREROUTING -p tcp --dport 3128 -j MARK --set-mark $MARKPRIO4<br />
<br />
####- Prioridade 6<br />
#- SSH<br />
IPTABLES -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark $MARKPRIO6<br />
#- Todo o restante"<br />
IPTABLES -t mangle -A PREROUTING -s 143.54.196.0/24 -j MARK --set-mark $MARKPRIO6<br />
IPTABLES -t mangle -A PREROUTING -s 143.54.197.0/24 -j MARK --set-mark $MARKPRIO6<br />
IPTABLES -t mangle -A PREROUTING -s 143.54.198.0/24 -j MARK --set-mark $MARKPRIO6<br />
IPTABLES -t mangle -A PREROUTING -s 143.54.199.0/24 -j MARK --set-mark $MARKPRIO6<br />
########---- FIM DAS PRIORIDADES DE UPLOAD ----########<br />
#<br />
###- FIM DE #- MARCANDO PACOTES para QoS - divisao de banda download/upload<br />
}<br />
#<br />
#<br />
#<br />
################# QoS SCRIPT ####################<br />
qos_script() {<br />
case $option in<br />
start) qos_script_start ;;<br />
stop) qos_script_stop ;;<br />
restart) qos_script_stop ; qos_script_start ;;<br />
*) echo "###- ERRO -### #- QoS_script, opcao invalida. Uilizar (start|stop|restart)" ; exit 1 ;;<br />
esac<br />
}<br />
<br />
qos_script_start() {<br />
####- Regras de QoS - Divisao de banda<br />
# Load modules<br />
modprobe sch_htb<br />
<br />
# Delete Queue Disciplines<br />
tc qdisc del dev $int_if root 2> /dev/null > /dev/null<br />
tc qdisc del dev $ext_if root 2> /dev/null > /dev/null<br />
<br />
# Specify queue discipline"<br />
tc qdisc add dev $int_if root handle 1:0 htb default 30<br />
tc qdisc add dev $ext_if root handle 1:0 htb default 60<br />
<br />
# Create Root Class<br />
#- Recebe as regras de DOWNLOAD (MARKPRIO impares 1,3 e 5)<br />
tc class add dev $int_if parent 1:0 classid 1:1 htb rate $upload_limit ceil $upload_limit<br />
#- Recebe as regras de UPLOAD (MARKPRIO pares 2,4 e 6)<br />
tc class add dev $ext_if parent 1:0 classid 1:1 htb rate $download_limit ceil $download_limit<br />
<br />
### Create Sub Classes<br />
#- DOWNLOAD"<br />
tc class add dev $int_if parent 1:1 classid 1:10 htb rate $prio_1_band ceil $prio_1_band_limit prio 1<br />
tc class add dev $int_if parent 1:1 classid 1:30 htb rate $prio_3_band ceil $prio_3_band_limit prio 3<br />
tc class add dev $int_if parent 1:1 classid 1:50 htb rate $prio_5_band ceil $prio_5_band_limit prio 5<br />
#- UPLOAD"<br />
tc class add dev $ext_if parent 1:1 classid 1:20 htb rate $prio_2_band ceil $prio_2_band_limit prio 2<br />
tc class add dev $ext_if parent 1:1 classid 1:40 htb rate $prio_4_band ceil $prio_4_band_limit prio 4<br />
tc class add dev $ext_if parent 1:1 classid 1:60 htb rate $prio_6_band ceil $prio_6_band_limit prio 6<br />
<br />
# Filter packets<br />
#- DOWNLOAD"<br />
tc filter add dev $int_if parent 1:0 protocol ip prio 1 handle $MARKPRIO1 fw classid 1:10<br />
tc filter add dev $int_if parent 1:0 protocol ip prio 3 handle $MARKPRIO3 fw classid 1:30<br />
tc filter add dev $int_if parent 1:0 protocol ip prio 5 handle $MARKPRIO5 fw classid 1:50<br />
#- UPLOAD"<br />
tc filter add dev $ext_if parent 1:0 protocol ip prio 2 handle $MARKPRIO2 fw classid 1:20<br />
tc filter add dev $ext_if parent 1:0 protocol ip prio 4 handle $MARKPRIO4 fw classid 1:40<br />
tc filter add dev $ext_if parent 1:0 protocol ip prio 6 handle $MARKPRIO6 fw classid 1:60<br />
<br />
# Add queuing disciplines<br />
#- DOWNLOAD"<br />
tc qdisc add dev $int_if parent 1:10 sfq perturb 5<br />
tc qdisc add dev $int_if parent 1:30 sfq perturb 5<br />
tc qdisc add dev $int_if parent 1:50 sfq perturb 5<br />
#- UPLOAD<br />
tc qdisc add dev $ext_if parent 1:20 sfq perturb 5<br />
tc qdisc add dev $ext_if parent 1:40 sfq perturb 5<br />
tc qdisc add dev $ext_if parent 1:60 sfq perturb 5<br />
####- FIM DE #- Regras de QoS - Divisao de banda<br />
}<br />
<br />
qos_script_stop() {<br />
###- Parando regras de QoS<br />
tc qdisc del dev $ext_if root 2> /dev/null > /dev/null<br />
tc qdisc del dev $int_if root 2> /dev/null > /dev/null<br />
###- FIM de Parando regras de QoS<br />
################# FIM DE QoS SCRIPT ####################<br />
#<br />
}<br />
controle</div>
Magnos