#!/bin/bash
#
# htb.sh agent start/stop script.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Script de controle de banda com iproute/htb #
# http://downloads.fabriciovc.eti.br/iproute/ #
# #
# Copyright (C) 2014 - Fabricio Vaccari Constanski #
# Fabricio Vaccari Constanski | fabriciovc@fabriciovc.eti.br #
# 20140811, FabricioVC - Versao inicial #
# 20140820, FabricioVC - Ajustes de funcoes e envio de alertas por email #
# #
# Creative Commons #
# Atribuicao-Compartilhamento pela mesma Licenca 3.0 Brasil. #
# http://creativecommons.org/licenses/by-sa/3.0/br/ #
# #
# Você tem a liberdade de: #
# * Compartilhar: copiar, distribuir e transmitir a obra. #
# * Remixar: criar obras derivadas. #
# * Fazer uso comercial da obra #
# #
# Sob as seguintes condições: #
# * Atribuição - Você deve creditar a obra da forma especificada pelo autor #
# * Compartilhamento pela mesma licença - Se você alterar, transformar ou #
# criar em cima desta obra, você poderá distribuir a obra resultante #
# apenas sob a mesma licença, ou sob uma licença similar à presente. #
# * Aviso: Para qualquer reutilização ou distribuição, você deve deixar claro #
# a terceiros os termos da licença a que se encontra submetida esta #
# obra. A melhor maneira de fazer isso é com um link para a página #
# http://creativecommons.org/licenses/by/3.0/br/. #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#==============================================================================
# Commands
# External tools, each referenced by absolute path so that command lookup
# does not depend on the PATH of whoever starts the script.
CAT='/bin/cat'
DATE='/bin/date'
GREP='/bin/grep'
IPTABLES='/sbin/iptables'
MAIL='/usr/bin/mail'
MKDIR='/bin/mkdir'
TC='/sbin/tc'
WC='/usr/bin/wc'
#
#------------------------------------------------------------------------------
# Address that receives the log e-mails sent at the end of the run.
MAILTO='email@domain.com'
#------------------------------------------------------------------------------
# Per-interface shaping settings. For each prefix (EXT, INT, DMZ):
#   *_IFACE     device name (ethX)
#   *_RATEFULL  rate of the root class 1:1, in kbit/mbit
#   *_RATE10    rate of class 1:10, in kbit/mbit
#   *_RATE20    rate of class 1:20, in kbit/mbit
#   *_RATE30    rate of class 1:30, in kbit/mbit
#   *_ENABLE    0 = disabled, 1 = enabled
#
# External interface
EXT_IFACE='eth0'
EXT_RATEFULL='6mbit'
EXT_RATE10='4mbit'
EXT_RATE20='2mbit'
EXT_RATE30='1mbit'
EXT_ENABLE='1'
#
# Internal interface
# INT_RATEFULL is empty here; intRuleLoad passes it to tc as "rate" and
# "ceil", so it has to be filled in before INT_ENABLE is set to 1.
INT_IFACE='eth6'
INT_RATEFULL=''
INT_RATE10='3mbit'
INT_RATE20='1mbit'
INT_RATE30='512kbit'
INT_ENABLE='0'
#
# DMZ interface
# DMZ_IFACE and DMZ_RATEFULL are empty here; dmzRuleLoad uses both, so they
# have to be filled in before DMZ_ENABLE is set to 1.
DMZ_IFACE=''
DMZ_RATEFULL=''
DMZ_RATE10='3mbit'
DMZ_RATE20='1mbit'
DMZ_RATE30='512kbit'
DMZ_ENABLE='0'
#
#------------------------------------------------------------------------------
# Clean Iptables Rules
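# Flush the mangle/FORWARD chain, presumably so the CLASSIFY rules appended by
# the ipt*RuleLoad functions do not pile up across runs.
# The flush is limited to the two supported actions: a mistyped or missing
# argument must not change the firewall.
# NOTE(review): -F empties the whole mangle/FORWARD chain, including rules
# that other tools may have placed there. A dedicated chain for this script
# would confine the flush to its own rules.
case "${1:-}" in
  start | stop)
    "${IPTABLES}" -t mangle -F FORWARD
    ;;
esac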
#
#------------------------------------------------------------------------------
# Date set
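# Date (YYYYMMDD) and time (HHMM) used in the log file names. Both come from
# one date call, so they cannot disagree when the run starts at midnight.
HTB_STAMP=$("${DATE}" +"%Y%m%d %H%M")
TODAY=${HTB_STAMP% *}
CURRENT_TIME=${HTB_STAMP#* }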
#
#------------------------------------------------------------------------------
# Status func
#######################################
# Print " ... done" or " ... failed" for the command that ran immediately
# before the call. The status is taken from $?, so nothing may run between
# that command and checkStatus.
# Outputs: one status line on stdout
#######################################
checkStatus() {
  # Must be the first statement: any other command would overwrite $?.
  local previous_status=$?
  case "${previous_status}" in
    0) echo " ... done" ;;
    *) echo " ... failed" ;;
  esac
}
#------------------------------------------------------------------------------
# Log Tree
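# Directory that receives one stdout log and one stderr log per run.
LOG_DIR="/var/log/htb"
#
# Create the log directory when it does not exist yet.
if [ ! -d "${LOG_DIR}" ]; then
  "${MKDIR}" -p "${LOG_DIR}"
  mkdir_status=$?
  if [ "${mkdir_status}" -ne 0 ]; then
    echo "Diretorio de log não criado"
    # checkStatus reads $?. Restore mkdir's status here, because the echo
    # above replaced it with 0 and the failure would be reported as "done".
    (exit "${mkdir_status}")
    checkStatus
  fi
fi
#
# Log files for this run, named after its start date and time (minute
# resolution, so two runs within the same minute share the same files).
LOG_FILE="${LOG_DIR}/htb-${TODAY}-${CURRENT_TIME}.log"
LOG_FILE_ERROR="${LOG_DIR}/htb-${TODAY}-${CURRENT_TIME}_error.log"
#
#------------------------------------------------------------------------------
# From here on, everything the script prints goes to the log files instead of
# the terminal.
# NOTE(review): these redirections truncate whatever already exists at the
# predictable paths above, following symlinks. The script is presumably run
# as root, so LOG_DIR should be writable by root only.
# STDOUT
exec > "${LOG_FILE}"
# STDERR
exec 2> "${LOG_FILE_ERROR}"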
#------------------------------------------------------------------------------
# Iptables Rules Functions
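#######################################
# Append the mangle/FORWARD rule that assigns traffic forwarded from the
# internal interface to the external interface to class 1:10.
# Globals:   IPTABLES, INT_IFACE, EXT_IFACE (read)
# Outputs:   an error message on stderr when an interface name is empty
# Returns:   1 when an interface name is empty, else iptables' exit status
#######################################
iptExtRuleLoad() {
  # An empty, unquoted interface name would drop out of the command line and
  # shift the following option into its place, so refuse to run instead.
  if [ -z "${INT_IFACE}" ] || [ -z "${EXT_IFACE}" ]; then
    echo "iptExtRuleLoad: INT_IFACE and EXT_IFACE must both be set" >&2
    return 1
  fi
  "${IPTABLES}" -t mangle -A FORWARD -i "${INT_IFACE}" -o "${EXT_IFACE}" \
    -j CLASSIFY --set-class 1:10
}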
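#######################################
# Append the mangle/FORWARD rule that assigns traffic forwarded from the
# external interface to the internal interface to class 1:10.
# Globals:   IPTABLES, EXT_IFACE, INT_IFACE (read)
# Outputs:   an error message on stderr when an interface name is empty
# Returns:   1 when an interface name is empty, else iptables' exit status
#######################################
iptIntRuleLoad() {
  # An empty, unquoted interface name would drop out of the command line and
  # shift the following option into its place, so refuse to run instead.
  if [ -z "${EXT_IFACE}" ] || [ -z "${INT_IFACE}" ]; then
    echo "iptIntRuleLoad: EXT_IFACE and INT_IFACE must both be set" >&2
    return 1
  fi
  "${IPTABLES}" -t mangle -A FORWARD -i "${EXT_IFACE}" -o "${INT_IFACE}" \
    -j CLASSIFY --set-class 1:10
}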
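#######################################
# Append the mangle/FORWARD rule that assigns traffic forwarded from the
# external interface to the DMZ interface to class 1:10.
# Globals:   IPTABLES, EXT_IFACE, DMZ_IFACE (read)
# Outputs:   an error message on stderr when an interface name is empty
# Returns:   1 when an interface name is empty, else iptables' exit status
#######################################
iptDmzRuleLoad() {
  # DMZ_IFACE is empty in the shipped configuration. Unquoted, it would drop
  # out of the command line and "-j" would be taken as the output interface.
  if [ -z "${EXT_IFACE}" ] || [ -z "${DMZ_IFACE}" ]; then
    echo "iptDmzRuleLoad: EXT_IFACE and DMZ_IFACE must both be set" >&2
    return 1
  fi
  "${IPTABLES}" -t mangle -A FORWARD -i "${EXT_IFACE}" -o "${DMZ_IFACE}" \
    -j CLASSIFY --set-class 1:10
}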
#------------------------------------------------------------------------------
# HTB Rules Functions
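#######################################
# Build the HTB tree on the external interface and install its iptables
# classification rule.
# Tree: root qdisc 1: (default class 30) -> class 1:1 -> classes 1:10, 1:20
# and 1:30, each with an sfq leaf qdisc.
# Globals:   TC, EXT_IFACE, EXT_RATEFULL, EXT_RATE10, EXT_RATE20,
#            EXT_RATE30 (read)
# Outputs:   an error message on stderr when a required setting is empty
# Returns:   0 when every "add" command and iptExtRuleLoad succeeded, else 1
#######################################
extRuleLoad() {
  local setting leaf
  local rc=0

  # An empty value would drop out of the tc command line and shift the next
  # word into its place, so stop before touching the interface.
  for setting in EXT_IFACE EXT_RATEFULL EXT_RATE10 EXT_RATE20 EXT_RATE30; do
    if [ -z "${!setting}" ]; then
      echo "extRuleLoad: ${setting} is empty" >&2
      return 1
    fi
  done

  # qdisc rules
  # The delete fails when no root qdisc is installed yet; that is presumably
  # expected, so its status is deliberately not counted as a failure.
  "${TC}" qdisc del dev "${EXT_IFACE}" root
  "${TC}" qdisc add dev "${EXT_IFACE}" root handle 1: htb default 30 || rc=1

  # class rules
  # NOTE(review): here each class has ceil equal to its own rate, while
  # intRuleLoad and dmzRuleLoad use *_RATEFULL as ceil. Confirm this is
  # intended.
  "${TC}" class add dev "${EXT_IFACE}" parent 1: classid 1:1 \
    htb rate "${EXT_RATEFULL}" || rc=1
  "${TC}" class add dev "${EXT_IFACE}" parent 1:1 classid 1:10 \
    htb rate "${EXT_RATE10}" ceil "${EXT_RATE10}" || rc=1
  "${TC}" class add dev "${EXT_IFACE}" parent 1:1 classid 1:20 \
    htb rate "${EXT_RATE20}" ceil "${EXT_RATE20}" || rc=1
  "${TC}" class add dev "${EXT_IFACE}" parent 1:1 classid 1:30 \
    htb rate "${EXT_RATE30}" ceil "${EXT_RATE30}" || rc=1

  # sfq rules: one leaf qdisc per class
  for leaf in 10 20 30; do
    "${TC}" qdisc add dev "${EXT_IFACE}" parent "1:${leaf}" \
      handle "${leaf}:" sfq perturb 10 || rc=1
  done

  iptExtRuleLoad || rc=1
  # Report a failed tc command too, so checkStatus does not print "done" for
  # a tree that was only partly built.
  return "${rc}"
}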
#
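#######################################
# Build the HTB tree on the internal interface and install its iptables
# classification rule.
# Tree: root qdisc 1: (default class 30) -> class 1:1 -> classes 1:10, 1:20
# and 1:30 (each may borrow up to INT_RATEFULL), each with an sfq leaf qdisc.
# Globals:   TC, INT_IFACE, INT_RATEFULL, INT_RATE10, INT_RATE20,
#            INT_RATE30 (read)
# Outputs:   an error message on stderr when a required setting is empty
# Returns:   0 when every "add" command and iptIntRuleLoad succeeded, else 1
#######################################
intRuleLoad() {
  local setting leaf
  local rc=0

  # INT_RATEFULL is empty in the shipped configuration. An empty value would
  # drop out of the tc command line and shift the next word into its place,
  # so stop before touching the interface.
  for setting in INT_IFACE INT_RATEFULL INT_RATE10 INT_RATE20 INT_RATE30; do
    if [ -z "${!setting}" ]; then
      echo "intRuleLoad: ${setting} is empty" >&2
      return 1
    fi
  done

  # qdisc rules
  # The delete fails when no root qdisc is installed yet; that is presumably
  # expected, so its status is deliberately not counted as a failure.
  "${TC}" qdisc del dev "${INT_IFACE}" root
  "${TC}" qdisc add dev "${INT_IFACE}" root handle 1: htb default 30 || rc=1

  # class rules
  "${TC}" class add dev "${INT_IFACE}" parent 1: classid 1:1 \
    htb rate "${INT_RATEFULL}" || rc=1
  "${TC}" class add dev "${INT_IFACE}" parent 1:1 classid 1:10 \
    htb rate "${INT_RATE10}" ceil "${INT_RATEFULL}" || rc=1
  "${TC}" class add dev "${INT_IFACE}" parent 1:1 classid 1:20 \
    htb rate "${INT_RATE20}" ceil "${INT_RATEFULL}" || rc=1
  "${TC}" class add dev "${INT_IFACE}" parent 1:1 classid 1:30 \
    htb rate "${INT_RATE30}" ceil "${INT_RATEFULL}" || rc=1

  # sfq rules: one leaf qdisc per class
  for leaf in 10 20 30; do
    "${TC}" qdisc add dev "${INT_IFACE}" parent "1:${leaf}" \
      handle "${leaf}:" sfq perturb 10 || rc=1
  done

  iptIntRuleLoad || rc=1
  # Report a failed tc command too, so checkStatus does not print "done" for
  # a tree that was only partly built.
  return "${rc}"
}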
#
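#######################################
# Build the HTB tree on the DMZ interface and install its iptables
# classification rule.
# Tree: root qdisc 1: (default class 30) -> class 1:1 -> classes 1:10, 1:20
# and 1:30 (each may borrow up to DMZ_RATEFULL), each with an sfq leaf qdisc.
# Globals:   TC, DMZ_IFACE, DMZ_RATEFULL, DMZ_RATE10, DMZ_RATE20,
#            DMZ_RATE30 (read)
# Outputs:   an error message on stderr when a required setting is empty
# Returns:   0 when every "add" command and iptDmzRuleLoad succeeded, else 1
#######################################
dmzRuleLoad() {
  local setting leaf
  local rc=0

  # DMZ_IFACE and DMZ_RATEFULL are empty in the shipped configuration. With an
  # empty, unquoted DMZ_IFACE the word "root" would be taken as the device
  # name, so stop before running tc.
  for setting in DMZ_IFACE DMZ_RATEFULL DMZ_RATE10 DMZ_RATE20 DMZ_RATE30; do
    if [ -z "${!setting}" ]; then
      echo "dmzRuleLoad: ${setting} is empty" >&2
      return 1
    fi
  done

  # qdisc rules
  # The delete fails when no root qdisc is installed yet; that is presumably
  # expected, so its status is deliberately not counted as a failure.
  "${TC}" qdisc del dev "${DMZ_IFACE}" root
  "${TC}" qdisc add dev "${DMZ_IFACE}" root handle 1: htb default 30 || rc=1

  # class rules
  "${TC}" class add dev "${DMZ_IFACE}" parent 1: classid 1:1 \
    htb rate "${DMZ_RATEFULL}" || rc=1
  "${TC}" class add dev "${DMZ_IFACE}" parent 1:1 classid 1:10 \
    htb rate "${DMZ_RATE10}" ceil "${DMZ_RATEFULL}" || rc=1
  "${TC}" class add dev "${DMZ_IFACE}" parent 1:1 classid 1:20 \
    htb rate "${DMZ_RATE20}" ceil "${DMZ_RATEFULL}" || rc=1
  "${TC}" class add dev "${DMZ_IFACE}" parent 1:1 classid 1:30 \
    htb rate "${DMZ_RATE30}" ceil "${DMZ_RATEFULL}" || rc=1

  # sfq rules: one leaf qdisc per class
  for leaf in 10 20 30; do
    "${TC}" qdisc add dev "${DMZ_IFACE}" parent "1:${leaf}" \
      handle "${leaf}:" sfq perturb 10 || rc=1
  done

  iptDmzRuleLoad || rc=1
  # Report a failed tc command too, so checkStatus does not print "done" for
  # a tree that was only partly built.
  return "${rc}"
}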
#------------------------------------------------------------------------------
# Start/Stop Rules
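# Dispatch on the first argument: "start" builds the shaping rules for every
# enabled interface and prints the resulting tc state, "stop" removes the
# root qdisc of every enabled interface.
# stdout and stderr were redirected to the log files earlier in the script,
# so all output below, including the usage message, ends up in the logs.
case "${1:-}" in
  start)
    #--------------------------------------------------------------
    # Start External Rules
    if [ "${EXT_ENABLE}" = "1" ]; then
      echo
      echo -n "Starting External Interface Rules"
      extRuleLoad
      checkStatus
      #
      # Show External Rules
      echo
      echo "== Show External Interface Rules =="
      echo "=== Show qdisk rules ==="
      "${TC}" qdisc show dev "${EXT_IFACE}"
      echo "=== Show class rules ==="
      "${TC}" class show dev "${EXT_IFACE}"
    fi
    #--------------------------------------------------------------
    # Start Internal Rules
    if [ "${INT_ENABLE}" = "1" ]; then
      echo
      echo -n "Starting Internal Interface Rules"
      intRuleLoad
      checkStatus
      #
      # Show Internal Rules
      echo
      echo "== Show Internal Interface Rules =="
      echo "=== Show qdisk rules ==="
      "${TC}" qdisc show dev "${INT_IFACE}"
      echo "=== Show class rules ==="
      "${TC}" class show dev "${INT_IFACE}"
    fi
    #--------------------------------------------------------------
    # Start DMZ Rules
    if [ "${DMZ_ENABLE}" = "1" ]; then
      echo
      echo -n "Starting DMZ Interface Rules"
      dmzRuleLoad
      checkStatus
      #
      # Show DMZ Rules
      # Report the DMZ interface here; showing the internal interface under
      # an "Internal" heading would hide a broken DMZ tree from the log.
      echo
      echo "== Show DMZ Interface Rules =="
      echo "=== Show qdisk rules ==="
      "${TC}" qdisc show dev "${DMZ_IFACE}"
      echo "=== Show class rules ==="
      "${TC}" class show dev "${DMZ_IFACE}"
    fi
    #--------------------------------------------------------------
    ;;
  stop)
    #--------------------------------------------------------------
    # Stop Rules: deleting the root qdisc removes the whole HTB tree of the
    # interface.
    if [ "${EXT_ENABLE}" = "1" ]; then
      echo
      echo -n "Stoping External Interface Rules"
      "${TC}" qdisc del dev "${EXT_IFACE}" root
      checkStatus
    fi
    #--------------------------------------------------------------
    if [ "${INT_ENABLE}" = "1" ]; then
      echo
      echo -n "Stoping Internal Interface Rules"
      "${TC}" qdisc del dev "${INT_IFACE}" root
      checkStatus
    fi
    #--------------------------------------------------------------
    if [ "${DMZ_ENABLE}" = "1" ]; then
      echo
      echo -n "Stoping DMZ Interface Rules"
      "${TC}" qdisc del dev "${DMZ_IFACE}" root
      checkStatus
    fi
    #--------------------------------------------------------------
    ;;
  *)
    # NOTE(review): this message goes to the log file, not to the terminal,
    # because stdout is already redirected at this point.
    echo "Use: $0 {start|stop}"
    ;;
esac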
#------------------------------------------------------------------------------
# Email send
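# Email send
# Mail the stdout log when it exists and has content. -s tests the file
# itself; "! -z" on the path only checked that the variable was not empty.
if [ -s "${LOG_FILE}" ]; then
  "${MAIL}" -s "HTB (log_file)" "${MAILTO}" < "${LOG_FILE}"
fi
#--
# Mail the error log when it has content and more than one line remains after
# the RTNETLINK lines are dropped.
# NOTE(review): the RTNETLINK filter and the "more than 1" threshold
# presumably exist to ignore the error tc prints when "qdisc del" finds no
# root qdisc. Confirm the threshold is intended.
if [ -s "${LOG_FILE_ERROR}" ]; then
  # grep -c prints 0 and exits non-zero when nothing matches; only the count
  # matters here.
  error_lines=$("${GREP}" -vc RTNETLINK "${LOG_FILE_ERROR}")
  if [ "${error_lines:-0}" -gt 1 ]; then
    "${MAIL}" -s "HTB (log_file_error)" "${MAILTO}" < "${LOG_FILE_ERROR}"
  fi
fi
#------------------------------------------------------------------------------
echo
# NOTE(review): the exit status is 0 on every path, including a usage error
# or failed tc/iptables commands, so callers cannot detect a failed run.
exit 0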