From 84df3cc861600039089eb447725c4c5663078bab Mon Sep 17 00:00:00 2001 From: Guillaume DELVIT Date: Sun, 26 Jan 2020 19:29:18 +0100 Subject: [PATCH 1/5] Add Fortinte low latency parameters Add Fortinte low latency parameters --- DSCP-ipv4.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/DSCP-ipv4.sh b/DSCP-ipv4.sh index 2e3aa48..5768c7d 100644 --- a/DSCP-ipv4.sh +++ b/DSCP-ipv4.sh @@ -80,6 +80,15 @@ iptmark ! -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 iptmark -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS5 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset +#Fortnite - PC +#TCP: 5222,5795-5847 +#UDP: 5222,5795-5847 +iptmark -p tcp -m multiport --port 5222 -j DSCP --set-dscp-class CS5 -m comment --comment "Fortnite - PC tcp" +iptmark -p udp -m multiport --port 5222 -j DSCP --set-dscp-class CS5 -m comment --comment "Fortnite - PC udp" + +iptmark -p tcp -m multiport --dports 5795:5847 -j DSCP --set-dscp-class CS5 -m comment --comment "Fortnite - PC tcp2" +iptmark -p udp -m multiport --dports 5795:5847 -j DSCP --set-dscp-class CS5 -m comment --comment "Fortnite - PC udp2" + ######## ##Browsing ######## From 5051b9a3ad7bfb951a1682d6c6897f7c10a93003 Mon Sep 17 00:00:00 2001 From: Guillaume DELVIT Date: Sun, 26 Jan 2020 19:32:21 +0100 Subject: [PATCH 2/5] Add example to limit bandwidth Add example to limit bandwidth like limiting video stream on 4G/LTE with quota to 480p (200ko/s) ! --- DSCP-ipv4.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/DSCP-ipv4.sh b/DSCP-ipv4.sh index 2e3aa48..27c4d7e 100644 --- a/DSCP-ipv4.sh +++ b/DSCP-ipv4.sh @@ -47,6 +47,11 @@ iptmark(){ $IPT -t mangle -A dscp_mark "$@" } +# Example How to limit video to 200ko/s in case you're on quota ( 4G/LTE ) +# first clean all : +#iptables -F forwarding_rule +#iptables -A forwarding_rule -m set --match-set vidstream src -m hashlimit --hashlimit-mode srcip,dstip --hashlimit-name "videolimit" --hashlimit-above 200kb/s -j DROP + ## start by washing the dscp to CS0 iptmark -j DSCP --set-dscp 0 From 5fa870f4e629bee9418a8c961ed296f0f72b6018 Mon Sep 17 00:00:00 2001 From: Guillaume DELVIT Date: Sun, 26 Jan 2020 20:49:00 +0100 Subject: [PATCH 3/5] extract veth specific --- veth.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 veth.sh diff --git a/veth.sh b/veth.sh new file mode 100644 index 0000000..ad65e66 --- /dev/null +++ b/veth.sh @@ -0,0 +1,27 @@ +#!/bin/bash -x +########## +#Veth start +########## +WANIF="pppoe-wan" #wan interface + +tc qdisc add dev wlan0 root mq #setup multi queue for wifi device +## set up veth devices to handle inbound and outbound traffic +ip link show | grep veth0 || ip link add type veth + +## get new veth interfaces up +ip link set veth0 up +ip link set veth1 up + +## trun on promisc mode,sometimes it's needed to make bridge work +ip link set veth1 promisc on + +## add veth1 to bridge +brctl addif br-lan veth1 + +## just to make sure there's nothing inside this table +ip rule del priority 100 +ip route flush table 100 + +######### +#Veth end +######### From bf9fed24d59824fa70548aca819ab49c034e1f7d Mon Sep 17 00:00:00 2001 From: Guillaume DELVIT Date: Sun, 26 Jan 2020 20:54:13 +0100 Subject: [PATCH 4/5] made veth stuff optional --- DSCP-ipv4.sh | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/DSCP-ipv4.sh b/DSCP-ipv4.sh index 584d38b..ca7603f 100644 --- a/DSCP-ipv4.sh +++ b/DSCP-ipv4.sh @@ -1,31 +1,18 @@ #!/bin/bash -x IPT="iptables" + ########## -#Veth start +# This file can be used directly in Firewall - Custom Rules ########## -WANIF="pppoe-wan" #wan interface - -tc qdisc add dev wlan0 root mq #setup multi queue for wifi device -## set up veth devices to handle inbound and outbound traffic -ip link show | grep veth0 || ip link add type veth - -## get new veth interfaces up -ip link set veth0 up -ip link set veth1 up -## trun on promisc mode,sometimes it's needed to make bridge work -ip link set veth1 promisc on - -## add veth1 to bridge -brctl addif br-lan veth1 +########## +# Veth +# if need remove "#" +# or copy and paste veth.sh file bellow +########## +#./veth.sh -## just to make sure there's nothing inside this table -ip rule del priority 100 -ip route flush table 100 -######### -#Veth end -######### ##ipset for streaming sites.they are being filled by dnsmasq ipset create streaming hash:ip ipset create usrcdn hash:ip From f3d942cbdf7c8d413420ebd8fcf195db520b23cd Mon Sep 17 00:00:00 2001 From: Guillaume DELVIT Date: Sun, 26 Jan 2020 20:55:00 +0100 Subject: [PATCH 5/5] remove veth stuff --- DSCP-ipv6.sh | 31 +++++++++---------------------- 1 file changed, 9 insertions(+), 22 deletions(-) diff --git a/DSCP-ipv6.sh b/DSCP-ipv6.sh index fdb93a6..d778d16 100644 --- a/DSCP-ipv6.sh +++ b/DSCP-ipv6.sh @@ -1,31 +1,18 @@ #!/bin/bash -x IPT="iptables" IPT6="ip6tables" -########### -#Veth start -########### -WANIF="pppoe-wan" #wan interface name - -tc qdisc add dev wlan0 root mq #setup multi queue for wifi device -## set up veth devices to handle inbound and outbound traffic -ip link show | grep veth0 || ip link add type veth - -## get new veth interfaces up -ip link set veth0 up -ip link set veth1 up -## trun on promisc mode,sometimes it's needed to make bridge work -ip link set veth1 promisc on +########## +# This file can be used directly in Firewall - Custom Rules +########## -## add veth1 to bridge -brctl addif br-lan veth1 +########## +# Veth +# if need remove "#" +# or copy and paste veth.sh file bellow +########## +#./veth.sh -## just to make sure there's nothing inside this table -ip rule del priority 100 -ip route flush table 100 -######### -#Veth end -######### ##ipset for streaming sites.they are being filled by dnsmasq ipset create streaming hash:ip