摘要:
u32过滤器一般使用ip地址作为匹配规则,但按照其定义,它可以匹配ip包头的任意地址,这里使用mac地址限制局域网的下载速度,避免客户端修改ip后其下载速度得不到控制。tc qdisc del dev eth2 roottc qdisc add dev eth2 root handle 200: c... 阅读全文
2015年12月9日
摘要:
Quantum & r2qLet's assume we have 2 classes with the same parent :Parent : ceil = rate = 100class 1 : rate = 40 and ceil = 100class 2 : rate = 20 and ... 阅读全文
摘要:
这几天正在捣鼓防火墙,用到了hashlimit模块。Google了一圈发现相关的文档无论英文还是中文都很少,所以我就把自己的折腾的心得记录下来吧。hashlimit是iptables的一个匹配模块,用它结合iptables的其它命令可以实现限速的功能。(注意,单独hashlimit模块是无法限速的)... 阅读全文
摘要:
# Examples that match MAC (a big "thank you" to Julian Anastasov for this!):M0 through M5 are the 6 bytes of the MAC address.Egress (match destination... 阅读全文
摘要:
设定规则iptables -p INPUT DROPiptables -p OUTPUT ACCEPTiptables -p FORWARD DROP1、防止外网用内网IP欺骗iptables -t nat -A PREROUTING -i eth0 -s 10.0.0.0/8 -j DROPipt... 阅读全文
摘要:
I have a very nice shaper in my linux box :-)Howthe configuratorworks— it’s another question, here i will try to describe how one could configure her ... 阅读全文
摘要:
ifbThe Intermediate Functional Block deviceis the successor to the IMQ iptables module that was never integrated.Advantage over current IMQ; cleaner i... 阅读全文
摘要:
If you have a need for thousands of rules, for example if you have a lot of clients or computers, all with different QoS specifications, you may find ... 阅读全文
摘要:
Theu32classifierThe U32 filter is the most advanced filter available in the current implementation. It entirely based on hashing tables, which make it... 阅读全文
摘要:
OverviewThe u32 filter allows you to match on any bit field within a packet, so it is in some ways the most powerful filter provided by the Linux traf... 阅读全文
