Changeset 103 for system/generators/traffic_shaping.php
- Timestamp:
- Aug 3, 2008, 6:50:25 PM (16 years ago)
- File:
-
- 1 edited
system/generators/traffic_shaping.php
r37 r103 3 3 $Enabled = 1; 4 4 $ClassesEnabled = 1; 5 include_once(' ../../html/global.php');6 include_once(' ../../html/finance/include.php');5 include_once('/a/www/centrala/global.php'); 6 include_once('/a/www/centrala/finance/include.php'); 7 7 NactiMesicniParametry(0); 8 8 … … 28 28 $File = fopen('/a/bin/htb.sh', 'w+'); 29 29 fputs($File, "#!/bin/sh\n"); 30 exec(' iptables -t mangle -F FORWARD');31 exec(' iptables -t mangle -F INPUT');32 exec(' iptables -t mangle -F OUTPUT');33 exec(' iptables -t mangle -F PREROUTING');34 exec(' iptables -t mangle -F POSTROUTING');30 exec('/sbin/iptables -t mangle -F FORWARD'); 31 exec('/sbin/iptables -t mangle -F INPUT'); 32 exec('/sbin/iptables -t mangle -F OUTPUT'); 33 exec('/sbin/iptables -t mangle -F PREROUTING'); 34 exec('/sbin/iptables -t mangle -F POSTROUTING'); 35 35 if($Enabled) 36 36 { 37 exec(' iptables -t mangle -A FORWARD -j MARK --set-mark 0');38 exec(' iptables -t mangle -i eth1 -A FORWARD -j MARK --set-mark 1');39 exec(' iptables -t mangle -o eth1 -A FORWARD -j MARK --set-mark 1');37 exec('/sbin/iptables -t mangle -A FORWARD -j MARK --set-mark 0'); 38 exec('/sbin/iptables -t mangle -i eth1 -A FORWARD -j MARK --set-mark 1'); 39 exec('/sbin/iptables -t mangle -o eth1 -A FORWARD -j MARK --set-mark 1'); 40 40 } 41 41 … … 43 43 44 44 // In going traffic 45 fputs($File, " tc qdisc del dev imq0 root\n");45 fputs($File, "/sbin/tc qdisc del dev imq0 root\n"); 46 46 if($Enabled) 47 47 { 48 fputs($File, " tc qdisc add dev imq0 root handle 1:0 htb default 2\n");49 fputs($FileClassInfo, "1:1 Z �ladn�t�a\n");50 fputs($File, " tc class add dev imq0 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedIn."kbit quantum 1500\n");48 fputs($File, "/sbin/tc qdisc add dev imq0 root handle 1:0 htb default 2\n"); 49 fputs($FileClassInfo, "1:1 Základní\n"); 50 fputs($File, "/sbin/tc class add dev imq0 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedIn."kbit quantum 1500\n"); 51 51 fputs($FileClassInfo, "1:2 Internet zdarma\n"); 52 
fputs($File, " tc class add dev imq0 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n");53 fputs($File, " tc qdisc add dev imq0 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");52 fputs($File, "/sbin/tc class add dev imq0 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n"); 53 fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n"); 54 54 } 55 55 // Out going traffic 56 fputs($File, " tc qdisc del dev imq1 root\n");56 fputs($File, "/sbin/tc qdisc del dev imq1 root\n"); 57 57 if($Enabled) 58 58 { 59 fputs($File, " tc qdisc add dev imq1 root handle 1:0 htb default 2\n");60 fputs($File, " tc class add dev imq1 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedOut."kbit quantum 1500\n");61 fputs($File, " tc class add dev imq1 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n");62 fputs($File, " tc qdisc add dev imq1 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");59 fputs($File, "/sbin/tc qdisc add dev imq1 root handle 1:0 htb default 2\n"); 60 fputs($File, "/sbin/tc class add dev imq1 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedOut."kbit quantum 1500\n"); 61 fputs($File, "/sbin/tc class add dev imq1 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n"); 62 fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n"); 63 63 } 64 64 … … 75 75 76 76 // VoIP in going traffic 77 fputs($File, " tc class add dev imq0 parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedIn."kbit ceil ".$VoipMaxSpeedIn."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");78 fputs($File, " tc qdisc add dev imq0 parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");79 fputs($File, " tc filter add dev imq0 parent 1:0 protocol ip handle ".$VoipClassId." 
fw flowid 1:".$VoipClassId."\n");77 fputs($File, "/sbin/tc class add dev imq0 parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedIn."kbit ceil ".$VoipMaxSpeedIn."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n"); 78 fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n"); 79 fputs($File, "/sbin/tc filter add dev imq0 parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n"); 80 80 // VoIP out going traffic 81 fputs($File, " tc class add dev imq1 parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedOut."kbit ceil ".$VoipMaxSpeedOut."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");82 fputs($File, " tc qdisc add dev imq1 parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");83 fputs($File, " tc filter add dev imq1 parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");81 fputs($File, "/sbin/tc class add dev imq1 parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedOut."kbit ceil ".$VoipMaxSpeedOut."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n"); 82 fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n"); 83 fputs($File, "/sbin/tc filter add dev imq1 parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n"); 84 84 fputs($FileClassInfo, '1:'.$VoipClassId." VoIP\n"); 85 85 … … 96 96 $AllUsersClassId = $ClassId; 97 97 $ClassId = $ClassId + 1; 98 fputs($File, " tc class add dev imq0 parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedIn."kbit prio 1 quantum 1500\n");99 fputs($File, " tc class add dev imq1 parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedOut."kbit prio 1 quantum 1500\n");100 fputs($FileClassInfo, '1:'.$AllUsersClassId." V ichni uivatel�n");98 fputs($File, "/sbin/tc class add dev imq0 parent 1:1 classid 1:".$AllUsersClassId." 
htb rate ".$UsersMaxSpeedIn."kbit prio 1 quantum 1500\n"); 99 fputs($File, "/sbin/tc class add dev imq1 parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedOut."kbit prio 1 quantum 1500\n"); 100 fputs($FileClassInfo, '1:'.$AllUsersClassId." Všichni uživatelé\n"); 101 101 102 102 // Torrent sharing … … 107 107 108 108 // Torrent out going traffic 109 fputs($File, " tc class add dev imq1 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");110 fputs($File, " tc qdisc add dev imq1 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");111 fputs($File, " tc filter add dev imq1 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");109 fputs($File, "/sbin/tc class add dev imq1 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n"); 110 fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n"); 111 fputs($File, "/sbin/tc filter add dev imq1 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n"); 112 112 fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n"); 113 113 // Torrent in going traffic 114 fputs($File, " tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");115 fputs($File, " tc qdisc add dev imq0 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");116 fputs($File, " tc filter add dev imq0 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");114 fputs($File, "/sbin/tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." 
htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n"); 115 fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n"); 116 fputs($File, "/sbin/tc filter add dev imq0 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n"); 117 117 fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n"); 118 118 … … 129 129 130 130 fputs($File, "# === ".$User['fullname']." ===\n"); 131 fputs($File, " tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio 1 quantum ".$Quantum."\n");132 //fputs($File, " tc qdisc add dev imq0 parent 1:".$UserClassId." handle ".$UserClassId.":0 htb r2q 10\n");133 //fputs($File, " tc class add dev imq0 parent ".$UserClassId.":0 classid ".$UserClassId.":".$UserClassId." htb rate ".$UserMaxSpeedIn."bit prio 1\n");134 fputs($File, " tc class add dev imq1 parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio 1 quantum ".$Quantum."\n");135 //fputs($File, " tc qdisc add dev imq1 parent 1:".$UserClassId." handle ".$UserClassId.":0 htb r2q 10\n");136 //fputs($File, " tc class add dev imq1 parent ".$UserClassId.":0 classid ".$UserClassId.":".$UserClassId." htb rate ".$UserMaxSpeedOut."bit prio 1\n");131 fputs($File, "/sbin/tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio 1 quantum ".$Quantum."\n"); 132 //fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$UserClassId." handle ".$UserClassId.":0 htb r2q 10\n"); 133 //fputs($File, "/sbin/tc class add dev imq0 parent ".$UserClassId.":0 classid ".$UserClassId.":".$UserClassId." htb rate ".$UserMaxSpeedIn."bit prio 1\n"); 134 fputs($File, "/sbin/tc class add dev imq1 parent 1:".$AllUsersClassId." classid 1:".$UserClassId." 
htb rate ".$SpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio 1 quantum ".$Quantum."\n"); 135 //fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$UserClassId." handle ".$UserClassId.":0 htb r2q 10\n"); 136 //fputs($File, "/sbin/tc class add dev imq1 parent ".$UserClassId.":0 classid ".$UserClassId.":".$UserClassId." htb rate ".$UserMaxSpeedOut."bit prio 1\n"); 137 137 fputs($FileClassInfo, '1:'.$UserClassId.' '.$User['fullname']."\n"); 138 138 … … 184 184 if($Host['name'] == 'GAME') 185 185 { 186 exec(' iptables -t mangle -F game-server');186 exec('/sbin/iptables -t mangle -F game-server'); 187 187 $TableOut = 'game-server'; 188 188 $TableIn = 'game-server'; … … 191 191 192 192 // In going traffic 193 exec(' iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);194 fputs($File, " tc class add dev imq0 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio ".$Prio." quantum ".$Quantum."\n");195 fputs($File, " tc qdisc add dev imq0 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");196 //fputs($File, " tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n");197 fputs($File, " tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n");193 exec('/sbin/iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId); 194 fputs($File, "/sbin/tc class add dev imq0 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio ".$Prio." quantum ".$Quantum."\n"); 195 fputs($File, "/sbin/tc qdisc add dev imq0 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n"); 196 //fputs($File, "/sbin/tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." 
fw flowid 1:".$UserClassId."\n"); 197 fputs($File, "/sbin/tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n"); 198 198 199 199 // Out going traffic 200 exec(' iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);201 fputs($File, " tc class add dev imq1 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n");202 fputs($File, " tc qdisc add dev imq1 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");203 //fputs($File, " tc filter add dev imq1 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n");204 fputs($File, " tc filter add dev imq1 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n");200 exec('/sbin/iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId); 201 fputs($File, "/sbin/tc class add dev imq1 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n"); 202 fputs($File, "/sbin/tc qdisc add dev imq1 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n"); 203 //fputs($File, "/sbin/tc filter add dev imq1 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n"); 204 fputs($File, "/sbin/tc filter add dev imq1 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n"); 205 205 //echo($Row['id'].','); 206 206 } … … 208 208 if($Tarify[$User['inet_tarif_now']]['group_id'] == 3) 209 209 { 210 //exec(' iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass);211 //exec(' iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass);210 //exec('/sbin/iptables -t mangle -A '.$TableIn.' 
-i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass); 211 //exec('/sbin/iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass); 212 212 } 213 213 // VoIP devices 214 214 if(($Host['name'] == 'HAJDA-VOIP') || ($Host['name'] == 'NAVRATIL-VOIP')) 215 215 { 216 exec(' iptables -t mangle -A '.$TableIn." -i eth1 -d ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId);217 exec(' iptables -t mangle -A '.$TableOut." -o eth1 -s ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId);216 exec('/sbin/iptables -t mangle -A '.$TableIn." -i eth1 -d ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId); 217 exec('/sbin/iptables -t mangle -A '.$TableOut." -o eth1 -s ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId); 218 218 } else 219 219 if($Host['name'] == 'GAME') 220 220 { 221 exec(' iptables -t mangle -A FORWARD -o eth1 -s '.$Host['IP']." -j game-server");222 exec(' iptables -t mangle -A FORWARD -i eth1 -d '.$Host['IP']." -j game-server");221 exec('/sbin/iptables -t mangle -A FORWARD -o eth1 -s '.$Host['IP']." -j game-server"); 222 exec('/sbin/iptables -t mangle -A FORWARD -i eth1 -d '.$Host['IP']." -j game-server"); 223 223 224 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);225 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);226 //exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 10886 -j MARK --set-mark ".$TorrentClassId);224 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId); 225 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId); 226 //exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." 
-p tcp --sport 10886 -j MARK --set-mark ".$TorrentClassId); 227 227 // default torrents 228 //exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 10886 -j MARK --set-mark ".$TorrentClassId);228 //exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 10886 -j MARK --set-mark ".$TorrentClassId); 229 229 230 230 // Local services 231 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId); // ICMP232 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId);233 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 6969 -j MARK --set-mark ".$HostClassId); // web torrent234 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 6969 -j MARK --set-mark ".$HostClassId);235 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId); // web236 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId);237 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 21 -j MARK --set-mark ".$HostClassId); // FTP238 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 21 -j MARK --set-mark ".$HostClassId);239 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8085 -j MARK --set-mark ".$HostClassId); // wow game server240 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 8085 -j MARK --set-mark ".$HostClassId);241 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3724 -j MARK --set-mark ".$HostClassId); // wow login server242 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." 
-p tcp --dport 3724 -j MARK --set-mark ".$HostClassId);243 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 22 -j MARK --set-mark ".$HostClassId); // wow game server244 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 22 -j MARK --set-mark ".$HostClassId);245 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId); // https246 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId);247 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 27015 -j MARK --set-mark ".$HostClassId); // Counter Strike248 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 27015 -j MARK --set-mark ".$HostClassId);249 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5905 -j MARK --set-mark ".$HostClassId); // VNC250 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5905 -j MARK --set-mark ".$HostClassId);251 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5906 -j MARK --set-mark ".$HostClassId); // VNC252 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5906 -j MARK --set-mark ".$HostClassId);231 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId); // ICMP 232 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId); 233 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 6969 -j MARK --set-mark ".$HostClassId); // web torrent 234 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 6969 -j MARK --set-mark ".$HostClassId); 235 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." 
-p tcp --sport 80 -j MARK --set-mark ".$HostClassId); // web 236 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId); 237 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 21 -j MARK --set-mark ".$HostClassId); // FTP 238 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 21 -j MARK --set-mark ".$HostClassId); 239 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8085 -j MARK --set-mark ".$HostClassId); // wow game server 240 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 8085 -j MARK --set-mark ".$HostClassId); 241 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3724 -j MARK --set-mark ".$HostClassId); // wow login server 242 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3724 -j MARK --set-mark ".$HostClassId); 243 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 22 -j MARK --set-mark ".$HostClassId); // wow game server 244 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 22 -j MARK --set-mark ".$HostClassId); 245 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId); // https 246 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId); 247 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 27015 -j MARK --set-mark ".$HostClassId); // Counter Strike 248 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 27015 -j MARK --set-mark ".$HostClassId); 249 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." 
-p tcp --sport 5905 -j MARK --set-mark ".$HostClassId); // VNC 250 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5905 -j MARK --set-mark ".$HostClassId); 251 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5906 -j MARK --set-mark ".$HostClassId); // VNC 252 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5906 -j MARK --set-mark ".$HostClassId); 253 253 254 254 // Remote services 255 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId); // https256 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId);257 exec(' iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId); // http258 exec(' iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId);255 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId); // https 256 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId); 257 exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId); // http 258 exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." 
-p tcp --sport 80 -j MARK --set-mark ".$HostClassId); 259 259 260 260 } … … 268 268 269 269 // In going traffic 270 // exec(' iptables -t mangle -A FORWARD -m mark --mark 1 -j LOG --log-prefix "TRAFFIC " --log-level info');271 exec(' iptables -t mangle -A FORWARD -i eth1 -j IMQ --todev 0');272 exec(' iptables -t mangle -A INPUT -i eth1 -j IMQ --todev 0');270 // exec('/sbin/iptables -t mangle -A FORWARD -m mark --mark 1 -j LOG --log-prefix "TRAFFIC " --log-level info'); 271 exec('/sbin/iptables -t mangle -A FORWARD -i eth1 -j IMQ --todev 0'); 272 exec('/sbin/iptables -t mangle -A INPUT -i eth1 -j IMQ --todev 0'); 273 273 // Out going traffic 274 exec(' iptables -t mangle -A FORWARD -o eth1 -j IMQ --todev 1');275 exec(' iptables -t mangle -A OUTPUT -o eth1 -j IMQ --todev 1');274 exec('/sbin/iptables -t mangle -A FORWARD -o eth1 -j IMQ --todev 1'); 275 exec('/sbin/iptables -t mangle -A OUTPUT -o eth1 -j IMQ --todev 1'); 276 276 exec('/sbin/iptables-save >/etc/sysconfig/iptables'); 277 277 fclose($File);
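Review bot: The per-host `exec()` calls (new lines 193, 200 and 216–258) still concatenate `$Host['IP']`, `$Protocol`, `$TableIn` and `$TableOut` into the command string with no validation or quoting; the absolute `/sbin/iptables` path fixes PATH lookup only. Where these values are populated lies outside the visible hunks, but if they come from the database or an admin form, a malformed value is interpreted by the shell with whatever privilege this generator runs under (presumably elevated, since it flushes the mangle table). Reject anything for which `filter_var($Host['IP'], FILTER_VALIDATE_IP)` returns false and pass the address as `escapeshellarg($Host['IP'])`. The same concern applies to `$User['fullname']` on line 130, which is written into `/a/bin/htb.sh` inside a `# === … ===` comment: strip CR/LF first, e.g. `str_replace(["\r", "\n"], ' ', $User['fullname'])`, so the value cannot end the comment line. None of the `exec()` results are checked, so a rule that failed to apply is still persisted by the closing `iptables-save`.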