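#!/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
#
# Shapes the uplink of $DEV with an HTB class tree (SFQ on every leaf) and
# polices the downlink with an ingress filter.
#
# Operational notes:
#   * tc needs CAP_NET_ADMIN (normally root). Keep this file writable by
#     root only, since whoever can edit it controls what runs with that
#     privilege.
#   * The filters classify on header fields the sender controls (addresses,
#     ports, TOS bits). They are a fairness aid, not access control and not
#     protection against a flood.
#   * Every filter is "protocol ip", i.e. IPv4. IPv6 traffic matches none of
#     them: it falls into the default class on the uplink and is not touched
#     by the ingress policer.
#   * The address ranges below are hard-coded; confirm they still belong to
#     the intended services before relying on them.
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=4000
UPLINK=150
DEV=eth0
TC=/sbin/tc

# Catch typos in variable names instead of expanding them to nothing.
set -u

if [[ ! -x "$TC" ]]; then
  printf 'error: %s not found or not executable\n' "$TC" >&2
  exit 1
fi

# Set to 1 by tc_run when any setup command fails; used as the exit status.
failed=0

#######################################
# Run one tc command. On failure, report it on stderr and remember it, but
# keep going so the remaining rules are still attempted.
# Globals:   TC (read), failed (written)
# Arguments: the tc sub-command and its arguments
#######################################
tc_run() {
  if ! "$TC" "$@"; then
    printf 'error: %s %s failed\n' "$TC" "$*" >&2
    failed=1
  fi
}

#######################################
# Add one u32 filter per (field, value) pair, all fields for the first
# value list position being exhausted before the next field starts.
# Arguments: $1 parent, $2 prio, $3 flowid, $4 space-separated "ip" fields
#            (e.g. "dst src"), remaining args: values to match
#######################################
add_ip_filters() {
  local parent=$1 prio=$2 flowid=$3 fields=$4
  shift 4
  local field value
  for field in $fields; do # intentional word-splitting of the field list
    for value in "$@"; do
      tc_run filter add dev "$DEV" parent "$parent" protocol ip prio "$prio" \
        u32 match ip "$field" "$value" flowid "$flowid"
    done
  done
}

#######################################
# Add TCP port filters (IP protocol 6) sending traffic to a class.
# NOTE: u32 "ip sport"/"ip dport" read at a fixed offset and so assume an
# IPv4 header without options; packets carrying IP options may be
# misclassified.
# Arguments: $1 flowid, $2 space-separated fields ("sport dport"),
#            remaining args: port numbers
#######################################
add_tcp_port_filters() {
  local flowid=$1 fields=$2
  shift 2
  local field port
  for field in $fields; do # intentional word-splitting of the field list
    for port in "$@"; do
      tc_run filter add dev "$DEV" parent 1: protocol ip prio 10 u32 \
        match ip protocol 6 0xff \
        match ip "$field" "$port" 0xffff \
        flowid "$flowid"
    done
  done
}

# clean existing down- and uplink qdiscs, hide errors
# (failure here is expected when nothing was installed yet, so it is
# deliberately ignored and does not affect the exit status)
"$TC" qdisc del dev "$DEV" root >/dev/null 2>&1 || true
"$TC" qdisc del dev "$DEV" ingress >/dev/null 2>&1 || true

# clean existing classes
#tc class del dev $DEV 2> /dev/null > /dev/null

# clean existing filters
#tc filter del dev $DEV 2> /dev/null > /dev/null

###### uplink

# install root HTB, point default traffic to 1:20:
tc_run qdisc add dev "$DEV" root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
tc_run class add dev "$DEV" parent 1: classid 1:1 htb \
  rate "${UPLINK}kbit" burst 6k

# realtime priority
tc_run class add dev "$DEV" parent 1:1 classid 1:5 htb \
  rate "${UPLINK}kbit" burst 6k prio 1

# high prio class 1:10:
tc_run class add dev "$DEV" parent 1:1 classid 1:10 htb \
  rate "${UPLINK}kbit" burst 6k prio 2

# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
tc_run class add dev "$DEV" parent 1:1 classid 1:20 htb \
  rate "$((9 * UPLINK / 10))kbit" burst 6k prio 3

# low priority p2p traffic class 1:30 - gets lower priority again
tc_run class add dev "$DEV" parent 1:1 classid 1:30 htb \
  rate "$((8 * UPLINK / 10))kbit" burst 6k prio 4

# all get Stochastic Fairness:
for leaf in 5 10 20 30; do
  tc_run qdisc add dev "$DEV" parent "1:${leaf}" handle "${leaf}:" \
    sfq perturb 10
done

# Everquest goes into realtime priority
everquest_nets=(
  64.37.148.0/24 64.37.149.0/24 64.37.150.0/24 64.37.151.0/24
  64.37.156.0/24 64.37.157.0/24
  195.33.132.0/24 195.33.108.0/24 195.33.133.0/24
  199.108.1.0/24 199.108.2.0/24 199.108.3.0/24
)
add_ip_filters 1:0 5 1:5 "dst src" "${everquest_nets[@]}"

# Everquest2 goes into realtime priority
everquest2_nets=(
  64.37.158.0/24
  199.108.11.0/24 199.108.12.0/24 199.108.13.0/24
  199.108.202.0/24 199.108.203.0/24
  195.33.135.0/24
)
add_ip_filters 1:0 5 1:5 "dst src" "${everquest2_nets[@]}"

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc_run filter add dev "$DEV" parent 1:0 protocol ip prio 10 u32 \
  match ip tos 0x10 0xff flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc_run filter add dev "$DEV" parent 1:0 protocol ip prio 10 u32 \
  match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
#   u8  0x05 0x0f at 0    -> IP header length is 5 words (no options)
#   u16 0x0000 0xffc0 at 2 -> total length below 64 bytes
#   u8  0x10 0xff at 33   -> TCP flags byte is exactly ACK
tc_run filter add dev "$DEV" parent 1: protocol ip prio 10 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 1:10

# add tcp port 6881-6889 (bittorrent) to 1:30
add_tcp_port_filters 1:30 "sport dport" {6881..6889}

# WoW
# NOTE(review): this sends port 3724 to the low-priority class 1:30, the
# same class as p2p - confirm that is intended for game traffic.
add_tcp_port_filters 1:30 "dport sport" 3724

# put nntp into lowest priority
add_tcp_port_filters 1:30 "sport dport" 119

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc_run qdisc add dev "$DEV" handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
# (the policer drops excess packets after they have already crossed the
# link, so it only slows well-behaved senders; it does not relieve a
# saturated downlink)
tc_run filter add dev "$DEV" parent ffff: protocol ip prio 50 u32 \
  match ip src 0.0.0.0/0 \
  police rate "${DOWNLINK}kbit" burst 10k drop flowid :1

# Non-zero when any qdisc/class/filter could not be installed.
exit "$failed"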