Cópia do script de QoS

#!/bin/bash
# QoS / packet-marking helper for the gateway.
# Usage: script firewall | qos (start|stop|restart)
#   $1 - top-level command ("firewall" loads the mangle MARK rules,
#        "qos" drives the tc shaping)
#   $2 - sub-option, only used by "qos"
comando="$1"
option="$2"
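controle() {
  # Load the configuration globals (marks, rates, interfaces) and dispatch
  # on $comando, the script's first argument:
  #   firewall -> iptables_script  (mangle MARK rules)
  #   qos      -> qos_script       (tc HTB/SFQ shaping; needs $option)
  # Anything else prints a usage error to stderr and exits 1.
  # NOTE: iptables/tc need root; that is not checked here - the commands
  # themselves fail when run unprivileged.
  variaveis
  case "$comando" in
    firewall) iptables_script ;;
    qos)      qos_script ;;
    *)
      printf '%s\n' "###- ERRO -### #- Comando de entrada errado para script de QoS. Usage: firewall; qos (start|stop|restart)" >&2
      exit 1
      ;;
  esac
}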
variaveis() {
  # Populate the global configuration used by iptables_script and
  # qos_script_start. Called once from controle.

  ##- Packet marks (MARK target / tc fw filter handles): MARKPRIO1..6 = 0x1..0x6.
  #   Odd marks are download classes, even marks are upload classes.
  local n
  for n in 1 2 3 4 5 6; do
    printf -v "MARKPRIO$n" '0x%x' "$n"
  done

  ##- Total caps per direction
  download_limit='100000kbit'
  upload_limit='100000kbit'

  ##- Per-class guaranteed rate (band) and ceiling (band_limit)
  #- Download classes (marks 1, 3, 5)
  prio_1_band='36333kbit'; prio_1_band_limit='100000kbit'
  prio_3_band='30333kbit'; prio_3_band_limit='85000kbit'
  prio_5_band='30333kbit'; prio_5_band_limit='75000kbit'
  #- Upload classes (marks 2, 4, 6)
  prio_2_band='36333kbit'; prio_2_band_limit='100000kbit'
  prio_4_band='30333kbit'; prio_4_band_limit='85000kbit'
  prio_6_band='30333kbit'; prio_6_band_limit='75000kbit'

  ##- Internal (LAN-facing) and external interfaces
  int_if='eth1'
  ext_if='eth2'
}

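# Append one MARK rule to the mangle PREROUTING chain.
#   $1   - mark value to set (one of $MARKPRIO1..6)
#   $2.. - iptables match arguments (-p/-s/-d/--sport/--dport ...)
# The MARK target does not terminate the chain, so without a guard the
# LAST matching rule would win: the "everything else" catch-all rules for
# the campus networks at the end of each section would override every more
# specific rule listed before them (e.g. HTTP replies to 143.54.196.0/24
# would end up in priority 5, not 3). '-m mark --mark 0' only marks packets
# that are still unmarked, so the FIRST matching rule wins and the rules
# read top-down from highest to lowest priority.
# Uses $IPTABLES when exported (the original called a bare 'IPTABLES',
# which is not a command), otherwise 'iptables' from PATH.
qos_mark() {
  local mark=$1
  shift
  "${IPTABLES:-iptables}" -t mangle -A PREROUTING -m mark --mark 0 "$@" -j MARK --set-mark "$mark"
}

iptables_script() {
  ###- Mark packets for QoS - download/upload bandwidth split.
  # The marks are consumed by the tc 'fw' filters in qos_script_start:
  # odd marks (1,3,5) select the download classes on $int_if, even marks
  # (2,4,6) the upload classes on $ext_if. Needs $MARKPRIO1..6 from
  # variaveis.
  #
  # NOTE(review): classification keys on addresses and on source/destination
  # ports only, in PREROUTING, i.e. before any filtering. A remote host
  # chooses its own source port, so any UDP with source port 53 (including
  # reflected DNS traffic) lands in priority 1 - do not treat these marks
  # as a trust boundary. A conntrack (ESTABLISHED) match on the
  # reply-direction rules would be worth considering; not added here since
  # the firewall's conntrack setup is not visible in this script.
  local ipt="${IPTABLES:-iptables}"

  ####- Flush the MANGLE table (rules, user chains, counters)
  "$ipt" -t mangle -F
  "$ipt" -t mangle -X
  "$ipt" -t mangle -Z

  ####- Priority 1
  #- ICMP (mark 1 only has a tc filter on $int_if; on $ext_if it lands in
  #  the default upload class 1:60)
  qos_mark "$MARKPRIO1" -p icmp

  ########---- DOWNLOAD PRIORITIES (odd marks, shaped on $int_if) ----########
  ####- Priority 1
  ##- ADM surveillance cameras
  # camera server IP and port: 192.168.64.249.50450
  qos_mark "$MARKPRIO1" -s 192.168.64.249
  qos_mark "$MARKPRIO1" -d 192.168.64.0/24
  qos_mark "$MARKPRIO1" -d 192.168.67.0/24
  #- DNS (source port 53)
  qos_mark "$MARKPRIO1" -p udp --sport 53
  #- LDAP (UDP, source port 389)
  qos_mark "$MARKPRIO1" -p udp --sport 389
  #- Printers
  qos_mark "$MARKPRIO1" -p udp --sport 631
  qos_mark "$MARKPRIO1" -s 10.0.0.1
  qos_mark "$MARKPRIO1" -d 10.0.0.2
  qos_mark "$MARKPRIO1" -d 10.0.0.3
  qos_mark "$MARKPRIO1" -d 10.0.0.4
  ####- Priority 3
  #- HTTP
  qos_mark "$MARKPRIO3" -p tcp --sport 80
  qos_mark "$MARKPRIO3" -p tcp --sport 8080
  #- HTTPS
  qos_mark "$MARKPRIO3" -p tcp --sport 443
  #- Proxy
  qos_mark "$MARKPRIO3" -p tcp --sport 3128
  ####- Priority 5
  #- SSH
  qos_mark "$MARKPRIO5" -p tcp --sport 22
  #- Everything else towards the campus networks
  qos_mark "$MARKPRIO5" -d 143.54.196.0/24
  qos_mark "$MARKPRIO5" -d 143.54.197.0/24
  qos_mark "$MARKPRIO5" -d 143.54.198.0/24
  qos_mark "$MARKPRIO5" -d 143.54.199.0/24
  ########---- END OF DOWNLOAD PRIORITIES ----########

  ########---- UPLOAD PRIORITIES (even marks, shaped on $ext_if) ----########
  ####- Priority 2
  #- ADM surveillance cameras
  # camera server IP and port: 192.168.64.249.50450
  qos_mark "$MARKPRIO2" -d 192.168.64.249
  qos_mark "$MARKPRIO2" -s 192.168.64.0/24
  qos_mark "$MARKPRIO2" -s 192.168.67.0/24
  #- DNS (destination port 53)
  qos_mark "$MARKPRIO2" -p udp --dport 53
  #- LDAP (UDP, destination port 389)
  qos_mark "$MARKPRIO2" -p udp --dport 389
  #- Printers
  qos_mark "$MARKPRIO2" -p udp --dport 631
  qos_mark "$MARKPRIO2" -d 10.0.0.1
  # Mirror of the 10.0.0.2-4 download rules above. The original set mark 1
  # here, which has no filter on $ext_if and so pushed this traffic into
  # the default (lowest) upload class; mark 2 is the upload counterpart.
  qos_mark "$MARKPRIO2" -s 10.0.0.2
  qos_mark "$MARKPRIO2" -s 10.0.0.3
  qos_mark "$MARKPRIO2" -s 10.0.0.4
  ####- Priority 4
  #- HTTP
  qos_mark "$MARKPRIO4" -p tcp --dport 80
  qos_mark "$MARKPRIO4" -p tcp --dport 8080
  #- HTTPS
  qos_mark "$MARKPRIO4" -p tcp --dport 443
  #- Proxy
  qos_mark "$MARKPRIO4" -p tcp --dport 3128
  ####- Priority 6
  #- SSH
  qos_mark "$MARKPRIO6" -p tcp --dport 22
  #- Everything else from the campus networks
  qos_mark "$MARKPRIO6" -s 143.54.196.0/24
  qos_mark "$MARKPRIO6" -s 143.54.197.0/24
  qos_mark "$MARKPRIO6" -s 143.54.198.0/24
  qos_mark "$MARKPRIO6" -s 143.54.199.0/24
  ########---- END OF UPLOAD PRIORITIES ----########
  ###- END of packet marking for QoS
}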
#
#
#
################# QoS SCRIPT ####################
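qos_script() {
  # Dispatch the "qos" sub-command on $option (the script's second
  # argument): start, stop or restart the tc shaping. Anything else prints
  # a usage error to stderr and exits 1.
  case "$option" in
    start)   qos_script_start ;;
    stop)    qos_script_stop ;;
    restart) qos_script_stop; qos_script_start ;;
    *)
      printf '%s\n' "###- ERRO -### #- QoS_script, opcao invalida. Utilizar (start|stop|restart)" >&2
      exit 1
      ;;
  esac
}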

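# Create one HTB leaf class with its fw filter and an SFQ child qdisc.
#   $1 dev  - interface
#   $2 id   - leaf classid minor (10, 20, ...); the class is 1:$2
#   $3 mark - fw mark matched by the filter ($MARKPRIOn)
#   $4 rate - guaranteed rate
#   $5 ceil - ceiling (maximum rate when borrowing)
#   $6 prio - HTB class / filter priority (lower wins)
qos_add_leaf() {
  local dev=$1 id=$2 mark=$3 rate=$4 ceil=$5 prio=$6
  tc class add dev "$dev" parent 1:1 classid "1:$id" htb rate "$rate" ceil "$ceil" prio "$prio"
  tc filter add dev "$dev" parent 1:0 protocol ip prio "$prio" handle "$mark" fw classid "1:$id"
  # SFQ inside each leaf so a single flow cannot monopolise the class;
  # perturb 5 re-keys the hash every 5 seconds.
  tc qdisc add dev "$dev" parent "1:$id" sfq perturb 5
}

qos_script_start() {
  ####- QoS rules - bandwidth split.
  # $int_if (LAN side) carries DOWNLOAD traffic and gets the download
  # classes (marks 1,3,5); $ext_if carries UPLOAD traffic and gets the
  # upload classes (marks 2,4,6). Packets with no matching filter go to
  # the 'default' leaf (1:30 on $int_if, 1:60 on $ext_if). Marks are set
  # by iptables_script - both halves must be loaded for shaping to take
  # effect. Reads the *_limit, prio_*_band*, MARKPRIO* and *_if globals
  # from variaveis.
  # NOTE: the original capped the $int_if root with $upload_limit and the
  # $ext_if root with $download_limit - swapped relative to its own
  # comments. Both values are equal in this configuration, so this is a
  # naming fix with no change in rates.

  modprobe sch_htb

  # Start from a clean slate; "no qdisc" errors are expected and silenced.
  tc qdisc del dev "$int_if" root >/dev/null 2>&1
  tc qdisc del dev "$ext_if" root >/dev/null 2>&1

  # Root qdiscs; everything below hangs off these, so stop if they fail.
  tc qdisc add dev "$int_if" root handle 1:0 htb default 30 || {
    printf '%s\n' "###- ERRO -### #- nao foi possivel criar o qdisc raiz em $int_if" >&2
    return 1
  }
  tc qdisc add dev "$ext_if" root handle 1:0 htb default 60 || {
    printf '%s\n' "###- ERRO -### #- nao foi possivel criar o qdisc raiz em $ext_if" >&2
    return 1
  }

  # Root classes: total cap per direction.
  tc class add dev "$int_if" parent 1:0 classid 1:1 htb rate "$download_limit" ceil "$download_limit"
  tc class add dev "$ext_if" parent 1:0 classid 1:1 htb rate "$upload_limit" ceil "$upload_limit"

  #- DOWNLOAD leaves (odd marks) on $int_if
  qos_add_leaf "$int_if" 10 "$MARKPRIO1" "$prio_1_band" "$prio_1_band_limit" 1
  qos_add_leaf "$int_if" 30 "$MARKPRIO3" "$prio_3_band" "$prio_3_band_limit" 3
  qos_add_leaf "$int_if" 50 "$MARKPRIO5" "$prio_5_band" "$prio_5_band_limit" 5
  #- UPLOAD leaves (even marks) on $ext_if
  qos_add_leaf "$ext_if" 20 "$MARKPRIO2" "$prio_2_band" "$prio_2_band_limit" 2
  qos_add_leaf "$ext_if" 40 "$MARKPRIO4" "$prio_4_band" "$prio_4_band_limit" 4
  qos_add_leaf "$ext_if" 60 "$MARKPRIO6" "$prio_6_band" "$prio_6_band_limit" 6
  ####- END of QoS rules - bandwidth split
}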

qos_script_stop() {
  ###- Tear down the QoS shaping: delete the root qdisc (and with it every
  # class, filter and SFQ child) on the external, then the internal
  # interface. Errors from an interface that has no qdisc are silenced.
  # The iptables MARK rules are not touched by this function.
  local dev
  for dev in "$ext_if" "$int_if"; do
    tc qdisc del dev "$dev" root >/dev/null 2>&1
  done
  ###- END of QoS teardown
  ################# END OF QoS SCRIPT ####################
}
# Entry point: run the dispatcher on the arguments captured at the top.
controle