[FUG-BR] Firewall banda por usuário
Gelsimauro Batista dos Santos
maurogbs em gmail.com
Segunda Março 22 08:28:19 BRT 2010
Veja as regras abaixo eu tenho um regra de controle de 64k e outro de 100k
A mediada que crio as baixas de IPs no arquivo cbanda já caiem no controle
de banda especificada no rc.filters.
Veja que da pra fazer o controle MAC no cbanda tambem
Arquivo cbanda
#Cliente 01
ifconfig rl1 inet 10.1.1.11 netmask 255.255.255.224 alias
/usr/sbin/arp -S 10.1.1.106 00:10:69:48:d4:90
#Cliente 02
ifconfig rl1 inet 10.2.0.1 netmask 255.255.255.252 alias
/usr/sbin/arp -S 10.2.0.2 00:10:69:48:d4:90
#Cliente 03
ifconfig rl1 inet 11.2.0.1 netmask 255.255.255.252 alias
/usr/sbin/arp -S 11.2.0.2 00:1c:f0:85:e8:73
#Cliente 04
ifconfig rl1 inet 12.1.0.1 netmask 255.255.255.252 alias
/usr/sbin/arp -S 12.1.0.2 00:1c:f0:85:e8:73
#Cliente 05
ifconfig rl1 inet 12.2.0.1 netmask 255.255.255.252 alias
/usr/sbin/arp -S 12.2.0.2 00:1c:f0:85:e8:73
Aruivo rc.filters
#Banda-64k
REDE_64="10.0.0.0/8,11.0.0.0/8"
REDE_100="12.0.0.0/8, 13.0.0.0/8"
###########################################################################
# CONTROLE DE BANDA VEL 64Kbit/s #
###########################################################################
#
$IPFW add 1000 pipe 1000 ip from ${REDE_64} to any in
$IPFW add 1001 pipe 1001 ip from any to ${REDE_64} out
$IPFW pipe 1000 config mask src-ip 0xffffffe0 bw 64Kbit/s
$IPFW pipe 1001 config mask dst-ip 0xffffffe0 bw 64Kbit/s
#
###########################################################################
# CONTROLE DE BANDA DA REDE VEL 100Kbit/s #
###########################################################################
#
$IPFW add 1010 pipe 1010 ip from ${REDE_100} to any in
$IPFW add 1011 pipe 1011 ip from any to ${REDE_100} out
$IPFW pipe 1010 config mask src-ip 0xffffffe0 bw 100Kbit/s
$IPFW pipe 1011 config mask dst-ip 0xffffffe0 bw 100Kbit/s
Mais detalhes sobre a lista de discussăo freebsd