以下只是一个想法,因为我是流量整形的新手.它不是一个工作或完整的脚本,并且缺少tc部分或类似物品以及许多其他必需品……它只是作为一种好奇心呈现,我现在没有时间完成……
cron脚本每分钟运行一次
cron * * * * * sh /path/to/bitshaper.sh /path/to/whitelist /path/to/blacklist
bitshaper.sh
#!/bin/sh
## limit 1MB
limit=1000000
## ip addresses that are unrestricted
WHITELIST=`cat "$1"`
## ip addresses that are throttled immediately
BLACKLIST=`cat "$2"`
## chain...when routing it'll be FORWARD, otherwise use INPUT for playing
CHAIN='INPUT'
## working directory
WD=/var/tmp/bitshaper
mkdir "$WD" 2> /dev/null && cd "$WD"
## create unique CHAIN name so we can easily identify with iptables -L
## rules for monitoring bytes now should have a target of -j $RULE_ID
RULE_ID='BITSHAPER'
iptables -N $RULE_ID 2> /dev/null
## get byte count stats
STATS=`iptables -L "$CHAIN" -vn | tail -n +3`
## get dhcpd leases
HOSTS=`grep -E '^lease ' /var/lib/dhcp/dhcpd.leases | tr -d '[a-z {]' | sort -u`
for host in $HOSTS; do
case $WHITELIST in *$host*) continue;; esac
success=false
for stat in "$STATS"; do
## $RULE_ID has to be specific enough to not match anything else
case $stat in *${RULE_ID}*${host}*)
success=true
tmp=${stat#*[0-9] }
bytes=${tmp%% *}
[ $bytes -gt $limit ] && {
# use tc to shape traffic
}
break
;;
esac
done
if [ $success = 'false' ]; then
## have host but no firewall rule, add one to track usage
iptables -t filter -A $CHAIN -s $host -j $RULE_ID
fi
done
## blacklist host here or somewhere
275
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
