linux流量限制....

1. 
   
2. #! /bin/sh
   
3. # Simple bandwidth limiter - <[email]j@4u.net[/email]>
   
4. # Change this to your link bandwidth
   
5. # (for cable modem, DSL links, etc. put the maximal bandwidth you can
   
6. # get, not the speed of a local Ethernet link)
   
7. REAL_BW='10Mbit'
   
8. # Change this to the bandwidth you want to allocate to WEB.
   
9. # We're talking about megabits, not megabytes, so 80Kbit is
   
10. # 10 Kilobytes/s
    
11. WEB_BW='1000Kbit'
    
12. # Change this to your physical network device (or 'ppp0')
    
13. NIC='eth0'
    
14. 
    
15. tc qdisc del dev "$NIC" root 2> /dev/null
    
16. 
    
17. tc qdisc add dev "$NIC" root handle 1: cbq \
    
18. bandwidth "$REAL_BW" avpkt 1000
    
19. 
    
20. tc class add dev "$NIC" parent 1: classid 1:1 cbq bandwidth "$REAL_BW" \
    
21. rate "$REAL_BW" maxburst 1 avpkt 1000
    
22. 
    
23. tc class add dev "$NIC" parent 1:1 classid 1:10 cbq \
    
24. bandwidth "$REAL_BW" rate "$WEB_BW" maxburst 1 avpkt 1000 bounded
    
25. 
    
26. tc qdisc add dev "$NIC" parent 1:10 sfq perturb 10
    
27. 
    
28. tc filter add dev "$NIC" parent 1: protocol ip handle 1 fw classid 1:10
    
29. 
    
30. iptables -t mangle -A OUTPUT -p tcp --sport 80 -j MARK --set-mark 1
    

复制代码

比天现在就是用这套系统来限制web的流量....加上ip线程的限制....开个http下裁也无妨咯....实际流量会有误差...用http://ethstatus.calle69.net/graphic/index.html


调整...

hehe 好东西～下个版本Discuz!核心也会有的流量限制和放DoS功能

哇.
爽.

流量限制只是一个下策..不论你怎么限制带宽还是会被占满...所以当务之急是分析web日志..查找源头...比天上周末就被当作download site了....还好平时日志保存比较完善...一查就查到了....


查日志推荐:

WebTrends Analysis Series 7.0

一个600M左右的日志...15分钟就分析完了...

htb的语法比cbq的更简单...但是需要给核心打补丁...需要2.4.20级的内核..还有新的tc....

http://luxik.cdi.cz/~devik/qos/htb/

linux的带宽控制能力非常强.

1. 
   
2. #! /bin/sh
   
3. # Simple bandwidth limiter - <[email]j@4u.net[/email]>
   
4. 
   
5. # Change this to your link bandwidth
   
6. # (for cable modem, DSL links, etc. put the maximal bandwidth you can
   
7. # get, not the speed of a local Ethernet link)
   
8. 
   
9. # Change this to the bandwidth you want to allocate to FTP.
   
10. # We're talking about megabits, not megabytes, so 80Kbit is
    
11. # 10 Kilobytes/s
    
12. real_bw=512kbit
    
13. ftp_bw=50kbit
    
14. 
    
15. # Change this to your physical network device (or 'ppp0')
    
16. NIC='eth0'
    
17. 
    
18. # Change this to the ports you assigned for passive FTP
    
19. tc qdisc del dev "$NIC" root
    
20. 
    
21. tc qdisc add dev "$NIC" root handle 1: htb
    
22. 
    
23. tc class add dev "$NIC" parent 1: classid 1:1 htb rate $real_bw ceil $real_bw burst 1k
    
24. 
    
25. tc class add dev "$NIC" parent 1:1 classid 1:10 htb rate $ftp_bw ceil $ftp_bw burst 1k
    
26. 
    
27. tc qdisc add dev "$NIC" parent 1:10 sfq perturb 10
    
28. 
    
29. tc filter add dev "$NIC" parent 1: protocol ip handle 1 fw flowid 1:10
    
30. 
    
31. iptables -t mangle -A OUTPUT -p tcp --sport 80 -j MARK --set-mark 1
    
32. 
    
33. #U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
    
34. 
    
35. #$U32 match ip sport 80 0xffff classid 1:10
    

复制代码

能否限制每个IP或者单个链接的流量?