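#!/bin/sh

# 2021-02-19
# updated 2021-03-07
#
# Traffic shaping for one interface:
#   egress  - HTB root with four priority classes, fq_codel leaves, and
#             tc "fw" filters that steer packets by their firewall mark
#   ingress - a plain policer that drops whatever arrives too fast
#   marking - iptables mangle rules that set the marks the fw filters use
#
# Needs CAP_NET_ADMIN (normally root).  Safe to re-run: everything the
# script created last time is removed before it is rebuilt.
#
# Env overrides: IFACE (interface to shape, default wlan0).

set -eu

PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin

# The original used "if" as the variable name; legal in sh but easy to
# misread as the keyword, so it is IFACE here.
IFACE=${IFACE:-wlan0}

# Link rates.  The HTB root class caps all egress at UPLINK and lets the
# child classes borrow up to their ceil from it; DOWNLINK is the ingress
# police rate.  (1500kbit was previously given to a cake qdisc that the
# htb root replaced one line later, so it never took effect.)
UPLINK=1500kbit
DOWNLINK=800kbit

# Name of the mangle chain holding this script's MARK rules.
CHAIN=QOS_MARK

# Remove all existing qdiscs, classes and filters from the interface.
# Both deletes fail harmlessly when nothing is attached yet, which must
# not abort the script under set -e.
tc qdisc del dev "$IFACE" ingress 2>/dev/null || true
tc qdisc del dev "$IFACE" root    2>/dev/null || true

# Egress root: HTB, all unclassified traffic goes to class 1:30.
tc qdisc replace dev "$IFACE" root handle 1: htb default 30

# Top-level class 1:1.  The child classes below name 1:1 as their parent,
# so "tc class add" fails for every one of them unless it exists (this
# line used to be commented out).  HTB also only lets classes borrow
# from siblings under a common parent class, which is what the ceil
# values on the children are for.
tc class add dev "$IFACE" parent 1: classid 1:1 htb \
        rate "$UPLINK" ceil "$UPLINK"

# Class 1:10 is highest priority path, outgoing SSH/SFTP and Gemini
# Class 1:20 is next highest priority path, HTTP/HTTPS traffic
# Class 1:30 is default with next lowest priority
# Class 1:40 is lowest priority but highest total bandwidth, IPFS traffic
#
# NOTE: the guaranteed rates add up to 1950kbit, more than UPLINK.  HTB
# does not reject that; it shares 1:1 among the classes in proportion to
# their rates instead of guaranteeing each one.
tc class add dev "$IFACE" parent 1:1 classid 1:10 htb rate 1200kbit \
        ceil 1200kbit prio 1
tc class add dev "$IFACE" parent 1:1 classid 1:20 htb rate 250kbit \
        ceil 700kbit prio 2
tc class add dev "$IFACE" parent 1:1 classid 1:30 htb rate 250kbit \
        ceil 600kbit prio 3
tc class add dev "$IFACE" parent 1:1 classid 1:40 htb rate 250kbit \
        ceil 550kbit prio 4

# Leaf qdisc on each child class.
for cls in 1:10 1:20 1:30 1:40; do
  tc qdisc add dev "$IFACE" parent "$cls" fq_codel
done

# Steer packets by firewall mark: mark N goes to the class listed here.
# Mark 300 is deliberately absent; unmarked traffic lands in the default
# class 1:30 anyway.
tc filter add dev "$IFACE" parent 1: handle 100 fw classid 1:10
tc filter add dev "$IFACE" parent 1: handle 200 fw classid 1:20
tc filter add dev "$IFACE" parent 1: handle 400 fw classid 1:40

# Ingress: drop whatever comes in faster than DOWNLINK.
tc qdisc add dev "$IFACE" handle ffff: ingress
tc filter add dev "$IFACE" parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate "$DOWNLINK" burst 900kbit drop flowid :1

# Label outgoing traffic.
#
# The MARK rules live in their own chain of the mangle table.  The old
# unqualified "iptables -Z; -F; -X" acted on the default *filter* table:
# it wiped the host's firewall rules on every run and never touched the
# mangle table, so the MARK rules below were appended again each time.
# Flushing only our own chain fixes both.
iptables -t mangle -N "$CHAIN" 2>/dev/null || true   # already exists on re-run
iptables -t mangle -F "$CHAIN"
# Jump into the chain from OUTPUT exactly once.
iptables -t mangle -C OUTPUT -j "$CHAIN" 2>/dev/null \
    || iptables -t mangle -A OUTPUT -j "$CHAIN"

iptables -t mangle -A "$CHAIN" -p tcp --match multiport --sports 22,1965 \
        -j MARK --set-mark 100
iptables -t mangle -A "$CHAIN" -p tcp --match multiport --sports 80,443 \
        -j MARK --set-mark 200
iptables -t mangle -A "$CHAIN" -p tcp --match multiport --sports 4001 \
        -j MARK --set-mark 400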
