
#!/bin/bash
#
# htb.sh agent start/stop script.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Script de controle de banda com iproute/htb                                 #
# http://downloads.fabriciovc.eti.br/iproute/                                 #
#                                                                             #
# Copyright (C) 2014 - Fabricio Vaccari Constanski                            #
# Fabricio Vaccari Constanski | fabriciovc@fabriciovc.eti.br                  #
# 20140811, FabricioVC - Versao inicial                                       #
# 20140820, FabricioVC - Ajustes de funcoes e envio de alertas por email      #
#                                                                             #
# Creative Commons                                                            #
# Atribuicao-Compartilhamento pela mesma Licenca 3.0 Brasil.                  #
# http://creativecommons.org/licenses/by-sa/3.0/br/                           #
#                                                                             #
# Você tem a liberdade de:                                                    #
# * Compartilhar: copiar, distribuir e transmitir a obra.                     #
# * Remixar: criar obras derivadas.                                           #
# * Fazer uso comercial da obra                                               #
#                                                                             #
# Sob as seguintes condições:                                                 #
# * Atribuição - Você deve creditar a obra da forma especificada pelo autor   #
# * Compartilhamento pela mesma licença - Se você alterar, transformar ou     #
#       criar em cima desta obra, você poderá distribuir a obra resultante    #
#       apenas sob a mesma licença, ou sob uma licença similar à presente.    #
# * Aviso: Para qualquer reutilização ou distribuição, você deve deixar claro #
#       a terceiros os termos da licença a que se encontra submetida esta     #
#       obra. A melhor maneira de fazer isso é com um link para a página      #
#       http://creativecommons.org/licenses/by/3.0/br/.                       #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#==============================================================================
# Commands
# Every external tool is referenced by absolute path, so a root-run invocation
# does not resolve binaries through whatever PATH it inherited.
# NOTE(review): these locations differ between distributions; confirm each one.
CAT='/bin/cat'
DATE='/bin/date'
GREP='/bin/grep'
IPTABLES='/sbin/iptables'
MAIL='/usr/bin/mail'
MKDIR='/bin/mkdir'
TC='/sbin/tc'
WC='/usr/bin/wc'
#
#------------------------------------------------------------------------------
# Recipient of the mailed stdout/stderr logs.
# NOTE(review): placeholder address; point it at a monitored mailbox before use.
MAILTO='email@domain.com'
#------------------------------------------------------------------------------
# Per-interface settings:
#   *_IFACE    interface name (ethX)
#   *_RATEFULL rate of the parent class 1:1 (kbit/mbit)
#   *_RATE10   rate of class 1:10 (kbit/mbit)
#   *_RATE20   rate of class 1:20 (kbit/mbit)
#   *_RATE30   rate of class 1:30 (kbit/mbit)
#   *_ENABLE   0=disable / 1=enable
#
# External Interface
EXT_IFACE='eth0'
EXT_RATEFULL='6mbit'
EXT_RATE10='4mbit'
EXT_RATE20='2mbit'
EXT_RATE30='1mbit'
EXT_ENABLE='1'
#
# Internal Interface (INT_RATEFULL is empty and must be filled in before enabling)
INT_IFACE='eth6'
INT_RATEFULL=''
INT_RATE10='3mbit'
INT_RATE20='1mbit'
INT_RATE30='512kbit'
INT_ENABLE='0'
#
# DMZ Interface (DMZ_IFACE and DMZ_RATEFULL are empty and must be filled in before enabling)
DMZ_IFACE=''
DMZ_RATEFULL=''
DMZ_RATE10='3mbit'
DMZ_RATE20='1mbit'
DMZ_RATE30='512kbit'
DMZ_ENABLE='0'
#
#------------------------------------------------------------------------------
# Clean Iptables Rules
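# Flush the mangle FORWARD chain only for a real start/stop request, so that a
# missing or mistyped argument (the usage case) no longer wipes the chain.
# NOTE(review): -F removes every rule in mangle/FORWARD, including rules this
# script did not add; confirm nothing else on the host relies on that chain.
case "${1:-}" in
	start|stop)
		"${IPTABLES}" -t mangle -F FORWARD
		;;
esac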
#
#------------------------------------------------------------------------------
# Date set
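# Take a single timestamp and split it, so the date and time parts used in the
# log file names always describe the same instant (two separate date calls
# could straddle midnight and pair yesterday's date with today's time).
HTB_NOW=$("${DATE}" +"%Y%m%d %H%M")
TODAY="${HTB_NOW% *}"		# YYYYMMDD
CURRENT_TIME="${HTB_NOW#* }"	# HHMM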
#
#------------------------------------------------------------------------------
# Status func
# Print a status suffix for the command that ran immediately before the call.
# Reads $? on entry, so nothing may run between that command and checkStatus.
# Outputs: " ... done" when the previous status was 0, " ... failed" otherwise.
checkStatus () {
	local previous_status=$?
	case "${previous_status}" in
		0)
			echo " ... done"
			;;
		*)
			echo " ... failed"
			;;
	esac
}
#------------------------------------------------------------------------------
# Log Tree
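LOG_DIR="/var/log/htb"
#
# Log Dir
# Create the log directory on first use. A failure is reported but the script
# carries on, as before.
if [ ! -d "${LOG_DIR}" ]; then
	if ! "${MKDIR}" -p "${LOG_DIR}"; then
		# Report the failure directly: checkStatus reads $? and would see the
		# status of the echo (0), not of mkdir, and print " ... done".
		echo "Diretorio de log não criado" >&2
		echo " ... failed" >&2
	fi
fi
#
# Log File
# One pair of files per run, named after the date and time of the invocation.
LOG_FILE="${LOG_DIR}/htb-${TODAY}-${CURRENT_TIME}.log"
LOG_FILE_ERROR="${LOG_DIR}/htb-${TODAY}-${CURRENT_TIME}_error.log"
#
#------------------------------------------------------------------------------
# Standard Output Log
# From here on everything the script prints goes to the log files, including
# the usage message, so nothing more reaches the terminal.
# NOTE(review): the redirects truncate and follow whatever already exists at
# these paths; confirm LOG_DIR is writable by root only.
# STDOUT
exec > "${LOG_FILE}"
# STDERR
exec 2> "${LOG_FILE_ERROR}"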
#------------------------------------------------------------------------------
# Iptables Rules Functions
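# Append the mangle FORWARD rule that puts traffic entering on INT_IFACE and
# leaving on EXT_IFACE into HTB class 1:10.
# Globals: IPTABLES, INT_IFACE, EXT_IFACE (read)
# Returns: iptables' status, or 1 when an interface name is empty.
iptExtRuleLoad () {
	# An empty name would make iptables take the next option as the interface.
	if [ -z "${INT_IFACE}" ] || [ -z "${EXT_IFACE}" ]; then
		echo "iptExtRuleLoad: INT_IFACE and EXT_IFACE must be set" >&2
		return 1
	fi
	"${IPTABLES}" -t mangle -A FORWARD -i "${INT_IFACE}" -o "${EXT_IFACE}" -j CLASSIFY --set-class 1:10
}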

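# Append the mangle FORWARD rule that puts traffic entering on EXT_IFACE and
# leaving on INT_IFACE into HTB class 1:10.
# Globals: IPTABLES, EXT_IFACE, INT_IFACE (read)
# Returns: iptables' status, or 1 when an interface name is empty.
iptIntRuleLoad () {
	# An empty name would make iptables take the next option as the interface.
	if [ -z "${EXT_IFACE}" ] || [ -z "${INT_IFACE}" ]; then
		echo "iptIntRuleLoad: EXT_IFACE and INT_IFACE must be set" >&2
		return 1
	fi
	"${IPTABLES}" -t mangle -A FORWARD -i "${EXT_IFACE}" -o "${INT_IFACE}" -j CLASSIFY --set-class 1:10
}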

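# Append the mangle FORWARD rule that puts traffic entering on EXT_IFACE and
# leaving on DMZ_IFACE into HTB class 1:10.
# Globals: IPTABLES, EXT_IFACE, DMZ_IFACE (read)
# Returns: iptables' status, or 1 when an interface name is empty.
iptDmzRuleLoad () {
	# DMZ_IFACE ships empty; unquoted, that would turn "-o -j" into the
	# interface argument instead of failing cleanly.
	if [ -z "${EXT_IFACE}" ] || [ -z "${DMZ_IFACE}" ]; then
		echo "iptDmzRuleLoad: EXT_IFACE and DMZ_IFACE must be set" >&2
		return 1
	fi
	"${IPTABLES}" -t mangle -A FORWARD -i "${EXT_IFACE}" -o "${DMZ_IFACE}" -j CLASSIFY --set-class 1:10
}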
#------------------------------------------------------------------------------
# HTB Rules Functions
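# Rebuild the HTB tree on the external interface and load its iptables rule.
# Layout: root qdisc 1: (default class 30), parent class 1:1 at EXT_RATEFULL,
# leaf classes 1:10/1:20/1:30 each capped at their own rate, one sfq per leaf.
# Globals: TC, EXT_IFACE, EXT_RATEFULL, EXT_RATE10, EXT_RATE20, EXT_RATE30 (read)
# Returns: 0 when every add step succeeded, 1 otherwise, so that a following
#          checkStatus reflects the whole sequence and not only the last command.
extRuleLoad () {
	local rc=0

	# An empty interface name would shift every following tc argument.
	if [ -z "${EXT_IFACE}" ]; then
		echo "extRuleLoad: EXT_IFACE is not set" >&2
		return 1
	fi

	# qdisc rules
	# Drop any previous root qdisc; tc is expected to complain when there is
	# none yet (first start), so this status is deliberately not counted.
	"${TC}" qdisc del dev "${EXT_IFACE}" root
	"${TC}" qdisc add dev "${EXT_IFACE}" root handle 1: htb default 30 || rc=1
	# class rules
	"${TC}" class add dev "${EXT_IFACE}" parent 1:  classid 1:1  htb rate "${EXT_RATEFULL}" || rc=1
	"${TC}" class add dev "${EXT_IFACE}" parent 1:1 classid 1:10 htb rate "${EXT_RATE10}" ceil "${EXT_RATE10}" || rc=1
	"${TC}" class add dev "${EXT_IFACE}" parent 1:1 classid 1:20 htb rate "${EXT_RATE20}" ceil "${EXT_RATE20}" || rc=1
	"${TC}" class add dev "${EXT_IFACE}" parent 1:1 classid 1:30 htb rate "${EXT_RATE30}" ceil "${EXT_RATE30}" || rc=1
	# sfq rules
	"${TC}" qdisc add dev "${EXT_IFACE}" parent 1:10 handle 10: sfq perturb 10 || rc=1
	"${TC}" qdisc add dev "${EXT_IFACE}" parent 1:20 handle 20: sfq perturb 10 || rc=1
	"${TC}" qdisc add dev "${EXT_IFACE}" parent 1:30 handle 30: sfq perturb 10 || rc=1
	#
	iptExtRuleLoad || rc=1
	return "${rc}"
}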
#
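# Rebuild the HTB tree on the internal interface and load its iptables rule.
# Layout: root qdisc 1: (default class 30), parent class 1:1 at INT_RATEFULL,
# leaf classes 1:10/1:20/1:30 with their own rate and a ceiling of
# INT_RATEFULL, one sfq per leaf.
# Globals: TC, INT_IFACE, INT_RATEFULL, INT_RATE10, INT_RATE20, INT_RATE30 (read)
# Returns: 0 when every add step succeeded, 1 otherwise, so that a following
#          checkStatus reflects the whole sequence and not only the last command.
intRuleLoad () {
	local rc=0

	# An empty interface name would shift every following tc argument.
	if [ -z "${INT_IFACE}" ]; then
		echo "intRuleLoad: INT_IFACE is not set" >&2
		return 1
	fi

	# qdisc rules
	# Drop any previous root qdisc; tc is expected to complain when there is
	# none yet (first start), so this status is deliberately not counted.
	"${TC}" qdisc del dev "${INT_IFACE}" root
	"${TC}" qdisc add dev "${INT_IFACE}" root handle 1: htb default 30 || rc=1
	# class rules (an empty INT_RATEFULL now reaches tc as an empty argument
	# and the resulting failure is recorded in rc)
	"${TC}" class add dev "${INT_IFACE}" parent 1:  classid 1:1  htb rate "${INT_RATEFULL}" || rc=1
	"${TC}" class add dev "${INT_IFACE}" parent 1:1 classid 1:10 htb rate "${INT_RATE10}" ceil "${INT_RATEFULL}" || rc=1
	"${TC}" class add dev "${INT_IFACE}" parent 1:1 classid 1:20 htb rate "${INT_RATE20}" ceil "${INT_RATEFULL}" || rc=1
	"${TC}" class add dev "${INT_IFACE}" parent 1:1 classid 1:30 htb rate "${INT_RATE30}" ceil "${INT_RATEFULL}" || rc=1
	# sfq rules
	"${TC}" qdisc add dev "${INT_IFACE}" parent 1:10 handle 10: sfq perturb 10 || rc=1
	"${TC}" qdisc add dev "${INT_IFACE}" parent 1:20 handle 20: sfq perturb 10 || rc=1
	"${TC}" qdisc add dev "${INT_IFACE}" parent 1:30 handle 30: sfq perturb 10 || rc=1
	#
	iptIntRuleLoad || rc=1
	return "${rc}"
}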
#
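# Rebuild the HTB tree on the DMZ interface and load its iptables rule.
# Layout: root qdisc 1: (default class 30), parent class 1:1 at DMZ_RATEFULL,
# leaf classes 1:10/1:20/1:30 with their own rate and a ceiling of
# DMZ_RATEFULL, one sfq per leaf.
# Globals: TC, DMZ_IFACE, DMZ_RATEFULL, DMZ_RATE10, DMZ_RATE20, DMZ_RATE30 (read)
# Returns: 0 when every add step succeeded, 1 otherwise, so that a following
#          checkStatus reflects the whole sequence and not only the last command.
dmzRuleLoad () {
	local rc=0

	# DMZ_IFACE ships empty; unquoted, that would shift every tc argument.
	if [ -z "${DMZ_IFACE}" ]; then
		echo "dmzRuleLoad: DMZ_IFACE is not set" >&2
		return 1
	fi

	# qdisc rules
	# Drop any previous root qdisc; tc is expected to complain when there is
	# none yet (first start), so this status is deliberately not counted.
	"${TC}" qdisc del dev "${DMZ_IFACE}" root
	"${TC}" qdisc add dev "${DMZ_IFACE}" root handle 1: htb default 30 || rc=1
	# class rules (an empty DMZ_RATEFULL now reaches tc as an empty argument
	# and the resulting failure is recorded in rc)
	"${TC}" class add dev "${DMZ_IFACE}" parent 1:  classid 1:1  htb rate "${DMZ_RATEFULL}" || rc=1
	"${TC}" class add dev "${DMZ_IFACE}" parent 1:1 classid 1:10 htb rate "${DMZ_RATE10}" ceil "${DMZ_RATEFULL}" || rc=1
	"${TC}" class add dev "${DMZ_IFACE}" parent 1:1 classid 1:20 htb rate "${DMZ_RATE20}" ceil "${DMZ_RATEFULL}" || rc=1
	"${TC}" class add dev "${DMZ_IFACE}" parent 1:1 classid 1:30 htb rate "${DMZ_RATE30}" ceil "${DMZ_RATEFULL}" || rc=1
	# sfq rules
	"${TC}" qdisc add dev "${DMZ_IFACE}" parent 1:10 handle 10: sfq perturb 10 || rc=1
	"${TC}" qdisc add dev "${DMZ_IFACE}" parent 1:20 handle 20: sfq perturb 10 || rc=1
	"${TC}" qdisc add dev "${DMZ_IFACE}" parent 1:30 handle 30: sfq perturb 10 || rc=1
	#
	iptDmzRuleLoad || rc=1
	return "${rc}"
}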
#------------------------------------------------------------------------------
# Start/Stop Rules
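# Dispatch on the requested action. Each interface is handled only when its
# *_ENABLE switch is "1". checkStatus must directly follow the command whose
# result it reports, because it reads $?.
case "${1}" in
	start)
		#--------------------------------------------------------------
		# Start External Rules
		if [ "${EXT_ENABLE}" = "1" ]; then
			echo
			echo -n "Starting External Interface Rules"
			extRuleLoad
			checkStatus
			#
			# Show External Rules
			echo
			echo "== Show External Interface Rules =="
			echo "=== Show qdisk rules ==="
			"${TC}" qdisc show dev "${EXT_IFACE}"
			echo "=== Show class rules ==="
			"${TC}" class show dev "${EXT_IFACE}"
		fi
		#--------------------------------------------------------------
		# Start Internal Rules
		if [ "${INT_ENABLE}" = "1" ]; then
			echo
			echo -n "Starting Internal Interface Rules"
			intRuleLoad
			checkStatus
			#
			# Show Internal Rules
			echo
			echo "== Show Internal Interface Rules =="
			echo "=== Show qdisk rules ==="
			"${TC}" qdisc show dev "${INT_IFACE}"
			echo "=== Show class rules ==="
			"${TC}" class show dev "${INT_IFACE}"
		fi
		#--------------------------------------------------------------
		# Start DMZ Rules
		if [ "${DMZ_ENABLE}" = "1" ]; then
			echo
			echo -n "Starting DMZ Interface Rules"
			dmzRuleLoad
			checkStatus
			#
			# Show DMZ Rules
			# This section used to print the internal interface's heading and
			# query INT_IFACE, so the log never showed what was loaded on the DMZ.
			echo
			echo "== Show DMZ Interface Rules =="
			echo "=== Show qdisk rules ==="
			"${TC}" qdisc show dev "${DMZ_IFACE}"
			echo "=== Show class rules ==="
			"${TC}" class show dev "${DMZ_IFACE}"
		fi
		#--------------------------------------------------------------
		;;
	stop)
		#--------------------------------------------------------------
		# Stop Rules: deleting the root qdisc removes the classes and leaf
		# qdiscs attached under it.
		if [ "${EXT_ENABLE}" = "1" ]; then
			echo
			echo -n "Stoping External Interface Rules"
			"${TC}" qdisc del dev "${EXT_IFACE}" root
			checkStatus
		fi
		#--------------------------------------------------------------
		if [ "${INT_ENABLE}" = "1" ]; then
			echo
			echo -n "Stoping Internal Interface Rules"
			"${TC}" qdisc del dev "${INT_IFACE}" root
			checkStatus
		fi
		#--------------------------------------------------------------
		if [ "${DMZ_ENABLE}" = "1" ]; then
			echo
			echo -n "Stoping DMZ Interface Rules"
			"${TC}" qdisc del dev "${DMZ_IFACE}" root
			checkStatus
		fi
		#--------------------------------------------------------------
		;;
	*)
		# stdout was redirected to LOG_FILE earlier in the script, so this
		# message ends up in the log rather than on the caller's terminal.
		echo "Use: $0 {start|stop}"
		;;
esac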
#------------------------------------------------------------------------------
# Email send
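# Mail the stdout log, but only when it actually has content. The previous
# test used "! -z" on the file NAME, which is always true, so empty logs were
# mailed as well; -s checks the file's size instead.
# MAILTO is left unquoted on purpose so a space-separated recipient list keeps
# working.
# NOTE(review): the logs disclose interface names and the shaping policy and
# leave the host by mail; confirm MAILTO points at a mailbox you control.
if [ -f "${LOG_FILE}" ] && [ -s "${LOG_FILE}" ]; then
	# shellcheck disable=SC2086
	"${MAIL}" -s "HTB (log_file)" ${MAILTO} < "${LOG_FILE}"
fi
#--
# Mail the stderr log only when it holds more than one line besides the
# RTNETLINK messages. The size test now looks at the error log itself rather
# than at the LOG_FILE variable.
if [ -f "${LOG_FILE_ERROR}" ] && [ -s "${LOG_FILE_ERROR}" ]; then
	HTB_ERROR_LINES=$("${GREP}" -vc RTNETLINK "${LOG_FILE_ERROR}")
	if [ "${HTB_ERROR_LINES:-0}" -gt 1 ]; then
		# shellcheck disable=SC2086
		"${MAIL}" -s "HTB (log_file_error)" ${MAILTO} < "${LOG_FILE_ERROR}"
	fi
fi
#------------------------------------------------------------------------------
echo
# NOTE(review): the exit status is always 0, so a caller cannot tell a failed
# start from a successful one; the mailed logs are the only failure signal.
exit 0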
