使用tc限制单IP网速

为了让路由更稳定，给路由的DD-WRT添加了一段基于tc的限制单IP流量的启动代码，DD-WRT v24-sp2是采用Linux 2.6.24.111内核，搭载iptables v1.3.7、TC和BusyBox v1.13.4的。

    
    #!/bin/sh
    
    IDEV="br0"
    ODEV="eth1"
    
    UP="30mbit"
    DOWN="30mbit"
     
    UPLOAD="1mbit"
    DOWNLOAD="2mbit"
    
    MUPLOAD="5mbit"
    MDOWNLOAD="8mbit"
     
    INET="172.1.1."
    IPS="3" 
    IPE="253"
    
    tc qdisc del dev $ODEV root 2>/dev/null
    tc qdisc del dev $IDEV root 2>/dev/null
     
    tc qdisc add dev $ODEV root handle 10: htb default 256
    tc qdisc add dev $IDEV root handle 10: htb default 256
     
    tc class add dev $ODEV parent 10: classid 10:1 htb rate $UP ceil $UP
    tc class add dev $IDEV parent 10: classid 10:1 htb rate $DOWN ceil $DOWN
    
    i=$IPS;
    while [ $i -le $IPE ]
    do
    tc class add dev $ODEV parent 10:1 classid 10:2$i htb rate $UPLOAD ceil $MUPLOAD prio 1
    tc qdisc add dev $ODEV parent 10:2$i handle 100$i: pfifo
    tc filter add dev $ODEV parent 10: protocol ip prio 100 handle 2$i fw classid 10:2$i
    tc class add dev $IDEV parent 10:1 classid 10:2$i htb rate $DOWNLOAD ceil $MDOWNLOAD prio 1
    tc qdisc add dev $IDEV parent 10:2$i handle 100$i: pfifo
    tc filter add dev $IDEV parent 10: protocol ip prio 100 handle 2$i fw classid 10:2$i
    iptables -t mangle -A PREROUTING -s $INET$i -j MARK --set-mark 2$i
    iptables -t mangle -A PREROUTING -s $INET$i -j RETURN
    iptables -t mangle -A POSTROUTING -d $INET$i -j MARK --set-mark 2$i
    iptables -t mangle -A POSTROUTING -d $INET$i -j RETURN
    i=`expr $i + 1`
    done

添加启动脚本后使用tc qdisc ls dev br0、tc class ls dev br0等命令可以查看效果,此外用iptables禁止P2P只需要简单的一条语句:

    iptables -A FORWARD -m p2p --p2p-protocol fasttrack,bittorrent -j DROP