CasonChan

摘要： u32过滤器一般使用ip地址作为匹配规则，但按照其定义，它可以匹配ip包头的任意地址，这里使用mac地址限制局域网的下载速度，避免客户端修改ip后其下载速度得不到控制。tc qdisc del dev eth2 roottc qdisc add dev eth2 root handle 200: c... 阅读全文

摘要： Quantum & r2qLet's assume we have 2 classes with the same parent :Parent : ceil = rate = 100class 1 : rate = 40 and ceil = 100class 2 : rate = 20 and ... 阅读全文

摘要： 这几天正在捣鼓防火墙，用到了hashlimit模块。Google了一圈发现相关的文档无论英文还是中文都很少，所以我就把自己的折腾的心得记录下来吧。hashlimit是iptables的一个匹配模块，用它结合iptables的其它命令可以实现限速的功能。（注意，单独hashlimit模块是无法限速的）... 阅读全文

摘要： # Examples that match MAC (a big "thank you" to Julian Anastasov for this!):M0 through M5 are the 6 bytes of the MAC address.Egress (match destination... 阅读全文

摘要： 设定规则iptables -p INPUT DROPiptables -p OUTPUT ACCEPTiptables -p FORWARD DROP1、防止外网用内网IP欺骗iptables -t nat -A PREROUTING -i eth0 -s 10.0.0.0/8 -j DROPipt... 阅读全文

摘要： I have a very nice shaper in my linux box :-)Howthe configuratorworks— it’s another question, here i will try to describe how one could configure her ... 阅读全文

摘要： ifbThe Intermediate Functional Block deviceis the successor to the IMQ iptables module that was never integrated.Advantage over current IMQ; cleaner i... 阅读全文

摘要： If you have a need for thousands of rules, for example if you have a lot of clients or computers, all with different QoS specifications, you may find ... 阅读全文

摘要： Theu32classifierThe U32 filter is the most advanced filter available in the current implementation. It entirely based on hashing tables, which make it... 阅读全文

摘要： OverviewThe u32 filter allows you to match on any bit field within a packet, so it is in some ways the most powerful filter provided by the Linux traf... 阅读全文