Документация по ОС FreeBSD Понедельник, 29.04.2024, 14:26
Главная
Регистрация
Вход
Приветствую Вас Гость | RSS
Меню сайта

Категории каталога
Apache [58]
DNS [25]
FTP [27]
Mail [74]
Samba [24]
Squid [46]
SSH [23]
VPN [35]
РРР [20]
Net [173]

Главная » Статьи » Сеть » Squid
Пример скрипта автоматической настройки dummynet во FreeBSD [2008] (Часть 2)
    #Default rule - deny all not in pass_lan_users_acl
    ${ipfw_cmd} add deny all from any to any in via ${iif} // deny not allowed LAN IPs

    #Additional access control

    ${ipfw_cmd} add ${f_num_aacb} count all from any to any // begin additional access control block

    case ${anti_spambot_enable} in
    [Yy][Ee][Ss])

    #Anti-spambot
    #Apply anti_spambot_allowed_servers_acl
    for loop in ${anti_spambot_allowed_servers_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_outshb} all from ${inet}:${imask} to ${loop} 25 in via ${iif} // Anti-spambot - allowed servers
      fi
    done
    ${ipfw_cmd} add deny log all from ${inet}:${imask} to any 25 in via ${iif} // Anti-spambot - deny all other servers

    ;;
    *)
    ;;
    esac

    #Stop windows flood from inside
    ${ipfw_cmd} add deny all from ${inet}:${imask} to ${inet}:${imask} 135,137-139,445 in via ${iif} // Stop windows flood from inside

###############################################################################

    #Inject to pipes (outgoing packets)
    ##############################

    case ${shaper_enable} in
    [Yy][Ee][Ss])
   
    ${ipfw_cmd} add ${f_num_outshb} count all from any to any // begin shaper block \|out\|

    if [ ! -z ${shaped_ext_res_ne_flag} ]; then
   
    #Not shaped resources
    #Apply not_shaped_ext_res_acl
    for loop in ${not_shaped_ext_res_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_natb} all from ${inet}:${imask} to ${loop} in via ${iif} // skip not shaped resources \|out\|
      fi
    done

    fi

    if [ ! -z ${shaped_users_ne_flag} ]; then

    #Not shaped users
    #Apply not_shaped_users_acl
    for loop in ${not_shaped_users_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_natb} all from ${loop} to any in via ${iif} // skip not shaped users \|out\|
      fi
    done

    fi

    #External resources pipes
   
    if [ ! -z ${shaped_ext_res_ne_flag} ]; then

    ${ipfw_cmd} add ${f_num_routshb} count all from any to any // begin external resources shaper block \|out\|
   
    #External resources group 1
    #Apply shaped_ext_res_g1_acl
    for loop in ${shaped_ext_res_g1_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_routshb_inj} tag ${shaped_ext_res_g1_pipe_num_out} all from ${inet}:${imask} to ${loop} in via ${iif} // tagging  \|out\|
        shaped_ext_res_g1_ne_flag="yes"
      fi
    done

    #External resources group 2
    #Apply shaped_ext_res_g2_acl
    for loop in ${shaped_ext_res_g2_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_routshb_inj} tag ${shaped_ext_res_g2_pipe_num_out} all from ${inet}:${imask} to ${loop} in via ${iif} // tagging  \|out\|
        shaped_ext_res_g2_ne_flag="yes"
      fi
    done
   
    #External resources group 3
    #Apply shaped_ext_res_g3_acl
    for loop in ${shaped_ext_res_g3_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_routshb_inj} tag ${shaped_ext_res_g3_pipe_num_out} all from ${inet}:${imask} to ${loop} in via ${iif} // tagging  \|out\|
        shaped_ext_res_g3_ne_flag="yes"
      fi
    done

    #Add more groups below
    #...
   
    ${ipfw_cmd} add ${f_num_routshb_inj} count all from any to any // begin inject tagged to pipes block \|out\|
   
    #Inject tagged to pipes
    #Per user pipes
    if [ ! -z ${shaped_ext_res_g1_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_ext_res_g1_pipe_num_out} all from any to any in via ${iif} tagged ${shaped_ext_res_g1_pipe_num_out} // pipe \(${shaped_ext_res_g1_name}:${shaped_ext_res_g1_bw_out}:${shaped_ext_res_g1_q_out}\) \|out\|
    fi
    if [ ! -z ${shaped_ext_res_g2_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_ext_res_g2_pipe_num_out} all from any to any in via ${iif} tagged ${shaped_ext_res_g2_pipe_num_out} // pipe \(${shaped_ext_res_g2_name}:${shaped_ext_res_g2_bw_out}:${shaped_ext_res_g2_q_out}\) \|out\|
    fi
    if [ ! -z ${shaped_ext_res_g3_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_ext_res_g3_pipe_num_out} all from any to any in via ${iif} tagged ${shaped_ext_res_g3_pipe_num_out} // pipe \(${shaped_ext_res_g3_name}:${shaped_ext_res_g3_bw_out}:${shaped_ext_res_g3_q_out}\) \|out\|
    fi
    #Collective pipe
    ${ipfw_cmd} add pipe ${sum_shaped_ext_res_pipe_num_out} tag ${sum_shaped_ext_res_pipe_num_out} all from any to any in via ${iif} tagged ${shaped_ext_res_g1_pipe_num_out},${shaped_ext_res_g2_pipe_num_out},${shaped_ext_res_g3_pipe_num_out} // collective pipe \(${sum_shaped_ext_res_bw_out}:${sum_shaped_ext_res_q_out}\) \|out\|
    ${ipfw_cmd} add skipto ${f_num_natb} all from any to any in via ${iif} tagged ${sum_shaped_ext_res_pipe_num_out} // end of external resources shaper block \|out\|

    fi

    #User pipes

    if [ ! -z ${shaped_users_ne_flag} ]; then

    ${ipfw_cmd} add ${f_num_uoutshb} count all from any to any // begin users shaper block \|out\|
   
    #User group 1
    #Apply shaped_users_g1_acl
    for loop in ${shaped_users_g1_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_uoutshb_inj} tag ${shaped_users_g1_pipe_num_out} all from ${loop} to any in via ${iif} // tagging  \|out\|
        shaped_users_g1_ne_flag="yes"
      fi
    done

    #User group 2
    #Apply shaped_users_g2_acl
    for loop in ${shaped_users_g2_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_uoutshb_inj} tag ${shaped_users_g2_pipe_num_out} all from ${loop} to any in via ${iif} // tagging  \|out\|
        shaped_users_g2_ne_flag="yes"
      fi
    done
   
    #User group 3
    #Apply shaped_users_g3_acl
    for loop in ${shaped_users_g3_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_uoutshb_inj} tag ${shaped_users_g3_pipe_num_out} all from ${loop} to any in via ${iif} // tagging  \|out\|
        shaped_users_g3_ne_flag="yes"
      fi
    done

    #Add more groups below
    #...
   
    ${ipfw_cmd} add ${f_num_uoutshb_inj} count all from any to any // begin inject tagged to pipes block \|out\|
   
    #Inject tagged to pipes
    #Per user pipes
    if [ ! -z ${shaped_users_g1_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_users_g1_pipe_num_out} all from any to any in via ${iif} tagged ${shaped_users_g1_pipe_num_out} // pipe \(${shaped_users_g1_name}:${shaped_users_g1_bw_out}:${shaped_users_g1_q_out}\) \|out\|
    fi
    if [ ! -z ${shaped_users_g2_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_users_g2_pipe_num_out} all from any to any in via ${iif} tagged ${shaped_users_g2_pipe_num_out} // pipe \(${shaped_users_g2_name}:${shaped_users_g2_bw_out}:${shaped_users_g2_q_out}\) \|out\|
    fi
    if [ ! -z ${shaped_users_g3_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_users_g3_pipe_num_out} all from any to any in via ${iif} tagged ${shaped_users_g3_pipe_num_out} // pipe \(${shaped_users_g3_name}:${shaped_users_g3_bw_out}:${shaped_users_g3_q_out}\) \|out\|
    fi
    #Collective pipe
    ${ipfw_cmd} add pipe ${sum_shaped_users_pipe_num_out} tag ${sum_shaped_users_pipe_num_out} all from any to any in via ${iif} tagged ${shaped_users_g1_pipe_num_out},${shaped_users_g2_pipe_num_out},${shaped_users_g3_pipe_num_out} // collective pipe \(${sum_shaped_users_bw_out}:${sum_shaped_users_q_out}\) \|out\|
    ${ipfw_cmd} add skipto ${f_num_natb} all from any to any in via ${iif} tagged ${sum_shaped_users_pipe_num_out} // end of external resources shaper block \|out\|

    fi

    #Add more pipe groups below
    #...
   
    ;;
    *)
    ;;
    esac

###############################################################################

    #Skip all outgoing traffic up to standart rules block
    ${ipfw_cmd} add skipto ${f_num_stdb} all from any to any in via ${iif} // skip outgoing traffic up to standart rules block

    ${ipfw_cmd} add ${f_num_natb} count all from any to any // begin NAT block

    #NAT rules
    ${ipfw_cmd} add divert natd all from any to any via ${oif} // NAT

    #Stop windows flood from outside
    ${ipfw_cmd} add deny all from any to ${onet}:${omask} 135,137-139,445 in via ${oif} // Stop windows flood from outside

###############################################################################

    #Inject to pipes (incoming packets)
    ##############################

    case ${shaper_enable} in
    [Yy][Ee][Ss])
   
    ${ipfw_cmd} add ${f_num_inshb} count all from any to any // begin shaper block \|in\|

    if [ ! -z ${shaped_ext_res_ne_flag} ]; then
   
    #Not shaped resources
    #Apply not_shaped_ext_res_acl
    for loop in ${not_shaped_ext_res_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_stdb} all from ${loop} to ${inet}:${imask} in via ${oif} // skip not shaped resources \|in\|
      fi
    done

    fi

    if [ ! -z ${shaped_users_ne_flag} ]; then

    #Not shaped users
    #Apply not_shaped_users_acl
    for loop in ${not_shaped_users_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_stdb} all from any to ${loop} in via ${oif} // skip not shaped users \|in\|
      fi
    done

    fi

    #External resources pipes

    if [ ! -z ${shaped_ext_res_ne_flag} ]; then
   
    ${ipfw_cmd} add ${f_num_rinshb} count all from any to any // begin external resources shaper block \|in\|
   
    #External resources group 1
    #Apply shaped_ext_res_g1_acl
    for loop in ${shaped_ext_res_g1_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_rinshb_inj} tag ${shaped_ext_res_g1_pipe_num_in} all from ${loop} to ${inet}:${imask} in via ${oif} // tagging  \|in\|
      fi
    done

    #External resources group 2
    #Apply shaped_ext_res_g2_acl
    for loop in ${shaped_ext_res_g2_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_rinshb_inj} tag ${shaped_ext_res_g2_pipe_num_in} all from ${loop} to ${inet}:${imask} in via ${oif} // tagging  \|in\|
      fi
    done
   
    #External resources group 3
    #Apply shaped_ext_res_g3_acl
    for loop in ${shaped_ext_res_g3_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_rinshb_inj} tag ${shaped_ext_res_g3_pipe_num_in} all from ${loop} to ${inet}:${imask} in via ${oif} // tagging  \|in\|
      fi
    done

    #Add more groups below
    #...
   
    ${ipfw_cmd} add ${f_num_rinshb_inj} count all from any to any // begin inject tagged to pipes block \|in\|
   
    #Inject tagged to pipes
    #Per user pipes
    if [ ! -z ${shaped_ext_res_g1_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_ext_res_g1_pipe_num_in} all from any to any in via ${oif} tagged ${shaped_ext_res_g1_pipe_num_in} // pipe \(${shaped_ext_res_g1_name}:${shaped_ext_res_g1_bw_in}:${shaped_ext_res_g1_q_in}\) \|in\|
    fi
    if [ ! -z ${shaped_ext_res_g2_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_ext_res_g2_pipe_num_in} all from any to any in via ${oif} tagged ${shaped_ext_res_g2_pipe_num_in} // pipe \(${shaped_ext_res_g2_name}:${shaped_ext_res_g2_bw_in}:${shaped_ext_res_g2_q_in}\) \|in\|
    fi
    if [ ! -z ${shaped_ext_res_g3_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_ext_res_g3_pipe_num_in} all from any to any in via ${oif} tagged ${shaped_ext_res_g3_pipe_num_in} // pipe \(${shaped_ext_res_g3_name}:${shaped_ext_res_g3_bw_in}:${shaped_ext_res_g3_q_in}\) \|in\|
    fi
    #Collective pipe
    ${ipfw_cmd} add pipe ${sum_shaped_ext_res_pipe_num_in} tag ${sum_shaped_ext_res_pipe_num_in} all from any to any in via ${oif} tagged ${shaped_ext_res_g1_pipe_num_in},${shaped_ext_res_g2_pipe_num_in},${shaped_ext_res_g3_pipe_num_in} // collective pipe \(${sum_shaped_ext_res_bw_in}:${sum_shaped_ext_res_q_in}\) \|in\|
    ${ipfw_cmd} add skipto ${f_num_stdb} all from any to any in via ${oif} tagged ${sum_shaped_ext_res_pipe_num_in} // end of external resources shaper block \|in\|

    fi

    #User pipes

    if [ ! -z ${shaped_users_ne_flag} ]; then

    ${ipfw_cmd} add ${f_num_uinshb} count all from any to any // begin users shaper block \|in\|
   
    #User group 1
    #Apply shaped_users_g1_acl
    for loop in ${shaped_users_g1_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_uinshb_inj} tag ${shaped_users_g1_pipe_num_in} all from any to ${loop} in via ${oif} // tagging  \|in\|
      fi
    done

    #User group 2
    #Apply shaped_users_g2_acl
    for loop in ${shaped_users_g2_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_uinshb_inj} tag ${shaped_users_g2_pipe_num_in} all from any to ${loop} in via ${oif} // tagging  \|in\|
      fi
    done
   
    #User group 3
    #Apply shaped_users_g3_acl
    for loop in ${shaped_users_g3_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add skipto ${f_num_uinshb_inj} tag ${shaped_users_g3_pipe_num_in} all from any to ${loop} in via ${oif} // tagging  \|in\|
      fi
    done

    #Add more groups below
    #...
   
    ${ipfw_cmd} add ${f_num_uinshb_inj} count all from any to any // begin inject tagged to pipes block \|in\|
   
    #Inject tagged to pipes
    #Per user pipes
    if [ ! -z ${shaped_users_g1_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_users_g1_pipe_num_in} all from any to any in via ${oif} tagged ${shaped_users_g1_pipe_num_in} // pipe \(${shaped_users_g1_name}:${shaped_users_g1_bw_in}:${shaped_users_g1_q_in}\) \|in\|
    fi
    if [ ! -z ${shaped_users_g2_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_users_g2_pipe_num_in} all from any to any in via ${oif} tagged ${shaped_users_g2_pipe_num_in} // pipe \(${shaped_users_g2_name}:${shaped_users_g2_bw_in}:${shaped_users_g2_q_in}\) \|in\|
    fi
    if [ ! -z ${shaped_users_g3_ne_flag} ]; then
      ${ipfw_cmd} add pipe ${shaped_users_g3_pipe_num_in} all from any to any in via ${oif} tagged ${shaped_users_g3_pipe_num_in} // pipe \(${shaped_users_g3_name}:${shaped_users_g3_bw_in}:${shaped_users_g3_q_in}\) \|in\|
    fi
    #Collective pipe
    ${ipfw_cmd} add pipe ${sum_shaped_users_pipe_num_in} tag ${sum_shaped_users_pipe_num_in} all from any to any in via ${oif} tagged ${shaped_users_g1_pipe_num_in},${shaped_users_g2_pipe_num_in},${shaped_users_g3_pipe_num_in} // collective pipe \(${sum_shaped_users_bw_in}:${sum_shaped_users_q_in}\) \|in\|
    ${ipfw_cmd} add skipto ${f_num_stdb} all from any to any in via ${oif} tagged ${sum_shaped_users_pipe_num_in} // end of external resources shaper block \|in\|

    fi

    #Add more pipe groups below
    #...

    ;;
    *)
    ;;
    esac

###############################################################################

    #Standart rules
    ##############################

    ${ipfw_cmd} add ${f_num_stdb} count all from any to any // begin standart block
   
    #Allow TCP through if setup succeeded
    ${ipfw_cmd} add pass tcp from any to any established // allow packets RST or ACK bits set

    #Allow only secure ICMP types
    ${ipfw_cmd} add pass icmp from any to any icmptypes 0,3,4,8,11 // allow ICMP 0,3,4,8,11
    ${ipfw_cmd} add deny log icmp from any to any // deny other ICMP
   
    #Allow IP fragments to pass through
    ${ipfw_cmd} add pass all from any to any frag // allow IP fragments

    #Allow access to our ssh
    #Allow from LAN
    ${ipfw_cmd} add pass tcp from ${inet}:${imask} to ${iip} 22 in via ${iif} // allow SSH from LAN
    #From outside
    #Apply pass_ssh_acl
    for loop in ${pass_ssh_acl}
    do
      echo $loop | ${grep_cmd} -v "^#" > ${dev_null}
      if [ $? -eq 0 ]; then
        ${ipfw_cmd} add pass tcp from ${loop} to ${oip} 22 in via ${oif} // allow SSH
      fi
    done
    # Block all another packets to 22 port
    ${ipfw_cmd} add deny log tcp from any to ${oip},${iip} 22 // deny SSH for all other

###############################################################################

    #Particular connections block
    ##############################

    #Allow a particular connection to go through the firewall.
    #Interval (f_num_pcb - f_num_lastb) must be conformed with `punch_fw` natd
    #option if you use this (man natd). Using for dynamic rules created by natd
    #for correctly work FTP in active mode through ipfw and similar.
   
    ${ipfw_cmd} add ${f_num_pcb} count all from any to any // begin particular connection block

###############################################################################

    #Last block
    ##############################

    ${ipfw_cmd} add ${f_num_lastb} count all from any to any // begin last block

    # Reject and log all setup of incoming connections from the outside
    ${ipfw_cmd} add deny log tcp from any to ${oip} in via ${oif} setup // reject all incoming TCP connection from outside

    # Allow any to any
    ${ipfw_cmd} add 65534 pass all from any to any // allow from any to any - the end of rules

###############################################################################

    #Pipes
    ##############################

    case ${shaper_enable} in
    [Yy][Ee][Ss])

    #Reject to leave firewall after injecting packets to pipe.
    #Else maybe set net.inet.ip.fw.one_pass=0.
    ${ipfw_cmd} disable one_pass

    #pipes config

    #External resources pipes

    if [ ! -z ${shaped_ext_res_ne_flag} ]; then

    #External resources group 1
    if [ ! -z ${shaped_ext_res_g1_ne_flag} ]; then
      ${ipfw_cmd} pipe ${shaped_ext_res_g1_pipe_num_in} config bw ${shaped_ext_res_g1_bw_in} queue ${shaped_ext_res_g1_q_in} mask dst-ip 0xffffffff
      ${ipfw_cmd} pipe ${shaped_ext_res_g1_pipe_num_out} config bw ${shaped_ext_res_g1_bw_out} queue ${shaped_ext_res_g1_q_out} mask src-ip 0xffffffff
    fi

    #External resources group 2
    if [ ! -z ${shaped_ext_res_g2_ne_flag} ]; then
      ${ipfw_cmd} pipe ${shaped_ext_res_g2_pipe_num_in} config bw ${shaped_ext_res_g2_bw_in} queue ${shaped_ext_res_g2_q_in} mask dst-ip 0xffffffff
      ${ipfw_cmd} pipe ${shaped_ext_res_g2_pipe_num_out} config bw ${shaped_ext_res_g2_bw_out} queue ${shaped_ext_res_g2_q_out} mask src-ip 0xffffffff
    fi

    #External resources group 3
    if [ ! -z ${shaped_ext_res_g3_ne_flag} ]; then
      ${ipfw_cmd} pipe ${shaped_ext_res_g3_pipe_num_in} config bw ${shaped_ext_res_g3_bw_in} queue ${shaped_ext_res_g3_q_in} mask dst-ip 0xffffffff
      ${ipfw_cmd} pipe ${shaped_ext_res_g3_pipe_num_out} config bw ${shaped_ext_res_g3_bw_out} queue ${shaped_ext_res_g3_q_out} mask src-ip 0xffffffff
    fi

    #Add more groups below
    #...

    #Collective user's pipe
    ${ipfw_cmd} pipe ${sum_shaped_ext_res_pipe_num_in} config bw ${sum_shaped_ext_res_bw_in} queue ${sum_shaped_ext_res_q_in}
    ${ipfw_cmd} pipe ${sum_shaped_ext_res_pipe_num_out} config bw ${sum_shaped_ext_res_bw_out} queue ${sum_shaped_ext_res_q_out}

    fi

    #Personal pipes for each user

    if [ ! -z ${shaped_users_ne_flag} ]; then

    #User group 1
    if [ ! -z ${shaped_users_g1_ne_flag} ]; then
      ${ipfw_cmd} pipe ${shaped_users_g1_pipe_num_in} config bw ${shaped_users_g1_bw_in} queue ${shaped_users_g1_q_in} mask dst-ip 0xffffffff
      ${ipfw_cmd} pipe ${shaped_users_g1_pipe_num_out} config bw ${shaped_users_g1_bw_out} queue ${shaped_users_g1_q_out} mask src-ip 0xffffffff
    fi

    #User group 2
    if [ ! -z ${shaped_users_g2_ne_flag} ]; then
      ${ipfw_cmd} pipe ${shaped_users_g2_pipe_num_in} config bw ${shaped_users_g2_bw_in} queue ${shaped_users_g2_q_in} mask dst-ip 0xffffffff
      ${ipfw_cmd} pipe ${shaped_users_g2_pipe_num_out} config bw ${shaped_users_g2_bw_out} queue ${shaped_users_g2_q_out} mask src-ip 0xffffffff
    fi

    #User group 3
    if [ ! -z ${shaped_users_g3_ne_flag} ]; then
      ${ipfw_cmd} pipe ${shaped_users_g3_pipe_num_in} config bw ${shaped_users_g3_bw_in} queue ${shaped_users_g3_q_in} mask dst-ip 0xffffffff
      ${ipfw_cmd} pipe ${shaped_users_g3_pipe_num_out} config bw ${shaped_users_g3_bw_out} queue ${shaped_users_g3_q_out} mask src-ip 0xffffffff
    fi

    #Add more groups below
    #...

    #Collective user's pipe
    ${ipfw_cmd} pipe ${sum_shaped_users_pipe_num_in} config bw ${sum_shaped_users_bw_in} queue ${sum_shaped_users_q_in}
    ${ipfw_cmd} pipe ${sum_shaped_users_pipe_num_out} config bw ${sum_shaped_users_bw_out} queue ${sum_shaped_users_q_out}

    fi

    ;;
    *)
    ;;
    esac
   
###############################################################################

#The end

Источник: http://www.opennet.ru/base/net/ipfwdummynet.txt.html
Категория: Squid | Добавил: oleg (26.03.2008) | Автор: Pavel Ustyugov
Просмотров: 1439 | Рейтинг: 0.0/0 |
Всего комментариев: 0
Добавлять комментарии могут только зарегистрированные пользователи.
[ Регистрация | Вход ]
Форма входа

Beastie

Друзья сайта

Статистика
Онлайн всего: 1
Гостей: 1
Пользователей: 0
links

Copyright MyCorp © 2024