标签:root urb 效果 table eth iptables and new for
iptables限速,在虚拟机上测试过,好像没有限速的效果
iptables -A FORWARD -m limit -d 192.168.23.1 --limit 300/s --limit-burst 100 -j ACCEPT
iptables -A FORWARD -d 192.168.23.1 -j DROP
iptables -A FORWARD -m limit -s 192.168.23.1 --limit 300/s --limit-burst 100 -j ACCEPT
iptables -A FORWARD -s 192.168.23.1 -j DROP
iptables -I FORWARD -p tcp --dport 22 -m state --state NEW -m limit --limit 3/s -j ACCEPT
tc ip限速,有一次限速成功
tc qdisc del dev eth0 root //清除eth0上的规则
tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 100Mbit
tc class add dev eth0 parent 1: classid 1:1 cbq rate 3kbit allot 15 prio 5 bounded
tc filter add dev eth0 parent 1: protocol ip prio 16 u32 match ip dst 0.0.0.0/32 flowid 1:1
tc qdisc add dev eth0 parent 1:1 sfq perturb 10
//限速22端口,经测试已经成功,由于使用的是虚拟机,不确定实际效果如何
tc qdisc del dev eth0 root //清除eth0上的规则
tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 50Kbit weight 50Kbit prio 8 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 100Mbit rate 50Kbit weight 50Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000
tc qdisc add dev eth0 parent 1:4 handle 40: sfq
tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:4
标签:root urb 效果 table eth iptables and new for
原文地址:http://www.cnblogs.com/xianfeiyu/p/7145566.html
