X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=shaper.sh;h=5b55d3fd4b8b3ebbfd78f35c4725262956c8a448;hb=3d7987337f881e38e8537233959c78054147e737;hp=f3357185cd9d66afb0a3e8b9cf25be56cfcbdd11;hpb=3943c9626bd2f4b0829c666406340852cfca66e8;p=firewall-squeep
diff --git a/shaper.sh b/shaper.sh
index f335718..5b55d3f 100755
--- a/shaper.sh
+++ b/shaper.sh
@@ -52,17 +52,28 @@ function shape(){
 then
 $IPTABLES -t mangle -A "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio}
 fi
+ if ! $IP6TABLES -t mangle -C "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio} >/dev/null 2>&1
+ then
+ $IP6TABLES -t mangle -A "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio}
+ fi
 }
 shape_if "${EXT_IF}" "${UPLINK}" "${BURST}"
 if ! $IPTABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1
 then
- echo "initializing chain '${SHAPE_CHAIN}'"
+ echo "initializing ipv4 chain '${SHAPE_CHAIN}'"
 $IPTABLES -t mangle -N "${SHAPE_CHAIN}"
 fi
+if ! $IP6TABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1
+then
+ echo "initializing ipv6 chain '${SHAPE_CHAIN}'"
+ $iP6TABLES -t mangle -N "${SHAPE_CHAIN}"
+fi
+# prioritize small and responsive things
 shape 1 -p icmp
+shape 1 -p ipv6-icmp
 shape 1 -p udp
 shape 1 -p tcp -m length --length :64
 shape 1 -p tcp --syn -m length --length 40:68
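Review bot: The added IPv6 chain-creation line calls `$iP6TABLES` (lowercase `i`), a different variable from the `$IP6TABLES` used by every other added line. Unless that name is defined outside the hunk it expands to nothing, so the shell tries to run `-t` as a command and the ipv6 `${SHAPE_CHAIN}` is never created even though the "initializing ipv6 chain" message is printed. Every later `$IP6TABLES ... -A "${SHAPE_CHAIN}"` in `shape` (whose body starts outside this hunk) would then fail on a missing chain and IPv6 traffic would go unmarked; the line should read `$IP6TABLES -t mangle -N "${SHAPE_CHAIN}"`. Separately, `shape` now installs each rule in both families, so `-p icmp` is passed to ip6tables and `-p ipv6-icmp` to iptables, where they will at best never match; a family argument or a separate helper would keep those rules in the table they belong to.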
@@ -71,16 +82,31 @@ shape 1 -p tcp --tcp-flags ALL RST
 shape 1 -p tcp --tcp-flags ALL ACK,RST
 shape 1 -p tcp --tcp-flags ALL ACK,FIN
+# favor ssh
 shape 2 -p tcp --dport 22
+# defavor ftp
 shape 4 -p tcp --dport 20
 shape 4 -p tcp --dport 115
+# bulk bittorrent
 shape 5 -p tcp --dport 8881:8899
 shape 5 -p tcp --sport 8881:8899
+# default everything else to middle
+shape 3 -m mark --mark 0
+
 if ! $IPTABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" >/dev/null 2>&1
 then
- $IPTABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}"
+ $IPTABLES -t mangle -I POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}"
 fi
+if ! $IP6TABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" >/dev/null 2>&1
+then
+ $IP6TABLES -t mangle -I POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}"
+fi
+
+if [[ ! -e /etc/local.d/shaper.start ]]
+then
+ echo "add shaper to local rc start!"
+fi
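Review bot: Neither `-I POSTROUTING` call checks its result, and the `-C` probe in front of each discards all output, so a probe that fails because `${SHAPE_CHAIN}` is missing from the ip6tables mangle table (or because `$IP6TABLES` is unset) looks the same as "rule not present yet". The insert then fails too, and unless the script runs under `set -e` somewhere outside this hunk it continues to the rc reminder with IPv6 egress on `${EXT_IF}` unshaped. Making the failure explicit would help, for example `$IP6TABLES -t mangle -I POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" || echo "could not hook ipv6 chain '${SHAPE_CHAIN}'" >&2`, and the same for the IPv4 insert. The reminder about `/etc/local.d/shaper.start` is also a diagnostic and would be better sent to stderr.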