Недавно возникла необходимость настроить сервер с шейпером трафика. Использование прокси начальство забраковало сразу. По памяти вспомнил, что это можно реализовать через DUMMYNET. Написал небольшой список правил для файрвола:
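#!/bin/sh
#
# ipfw + dummynet ruleset for a small NAT gateway: default-deny filtering,
# natd diversion on the external interface and one pair of bandwidth pipes
# per LAN host.
#
# ipfw evaluates rules in numeric order and stops at the first terminating
# match, so the rule numbers below are part of the logic. The script begins
# by flushing the whole ruleset: load it from the console (or with a fallback
# in place), because a mistake can cut off a remote session.

# ${fwcmd} is expanded unquoted on purpose so that "-q" stays a separate
# argument.
fwcmd='/sbin/ipfw -q'

home_net='10.0.0.0/24'   # LAN subnet behind ${net}
user='10.0.0'            # LAN prefix; the host octet is appended per user
user_ports='80,21,25,110,443,53'   # gateway ports reachable from the LAN
inet_ports='80,21,25,110,443,53'   # gateway ports reachable from outside
out='tun0'               # external (Internet-facing) interface
net='rl1'                # internal (LAN) interface

# Start from an empty ruleset with no pipes or queues left over.
${fwcmd} -f flush
${fwcmd} -f pipe flush
${fwcmd} -f queue flush

# Match packets against dynamic state created by keep-state / limit rules.
${fwcmd} add 100 check-state

# Loopback. Assuming FreeBSD, the interface is lo0; "via lo" names an
# interface that does not exist there, so the original rule never matched.
${fwcmd} add 300 allow ip from any to any via lo0
# Traffic originated by the gateway itself.
${fwcmd} add 310 allow ip from me to any keep-state
# NOTE(review): this opens every port in ${inet_ports} on the gateway itself
# to any source on the external interface. Keep only the services that are
# really meant to be public; if the intent was to permit *outbound* access to
# these ports, this rule does not do that.
${fwcmd} add 320 allow ip from any to me ${inet_ports} via ${out} keep-state
# NOTE(review): tcp only, so DNS (53) over UDP from the LAN is not covered
# by this rule -- confirm that is intended.
${fwcmd} add 400 allow tcp from any to me ${user_ports} via ${net} keep-state
#
# NAT. Outbound LAN traffic is selected by its source subnet: the original
# passed ${net} (an interface name) where ipfw expects an address, and left
# ${home_net} unused.
# NOTE(review): packets re-injected by natd resume at the rule after the
# divert, and apart from the pipes nothing below allows them -- check that
# translated traffic is not simply ending at rule 50000.
${fwcmd} add 530 divert natd ip from ${home_net} to any out via ${out}
${fwcmd} add 540 divert natd ip from any to me in via ${out}
#
# Do not let RFC 1918 source addresses (anything natd did not translate)
# leave through the external interface.
${fwcmd} add 600 deny ip from 10.0.0.0/8 to any out via ${out}
${fwcmd} add 610 deny ip from 172.16.0.0/12 to any out via ${out}
${fwcmd} add 620 deny ip from 192.168.0.0/16 to any out via ${out}
#
# Per-host shaping. Seen on the LAN interface, traffic *to* a host leaves the
# gateway (out) and traffic *from* it arrives (in); the original had the two
# directions swapped, so the pipe rules would not match traffic routed
# through the gateway.
# "limit src-addr 20" caps each host at 20 concurrent dynamic states.
# NOTE(review): limit creates dynamic state that rule 100 matches ahead of
# the divert rules on later packets of the flow, and whether a packet is
# accepted after leaving a pipe depends on net.inet.ip.fw.one_pass -- verify
# that NAT and shaping both still see the traffic as intended.
#
# Host .2: 128 Kbit/s in each direction.
${fwcmd} pipe 7002 config bw 128Kbit/s
${fwcmd} pipe 8002 config bw 128Kbit/s
${fwcmd} add 7002 pipe 7002 ip from any to ${user}.2 out via ${net}
${fwcmd} add 8002 pipe 8002 ip from ${user}.2 to any in via ${net} limit src-addr 20
#
# Host .3: 64 Kbit/s in each direction.
${fwcmd} pipe 7003 config bw 64Kbit/s
${fwcmd} pipe 8003 config bw 64Kbit/s
${fwcmd} add 7003 pipe 7003 ip from any to ${user}.3 out via ${net}
${fwcmd} add 8003 pipe 8003 ip from ${user}.3 to any in via ${net} limit src-addr 20

# Default deny: anything not explicitly allowed above is dropped.
${fwcmd} add 50000 deny ip from any to any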
Заранее благодарен.