minor updates to scripts

[firewall-squeep] / shaper.sh

diff --git a/shaper.sh b/shaper.sh
index f3357185cd9d66afb0a3e8b9cf25be56cfcbdd11..3b2c6229d4899e58b18e64d2a2e424f1059b38b6 100755 (executable)
--- a/shaper.sh
+++ b/shaper.sh
@@ -8,7 +8,11 @@ SHAPE_CHAIN='SHAPER-OUT'
 
 set -e
 
-. ./common.sh
+# . ./common.sh
+IPTABLES=$(which iptables)
+IP6TABLES=$(which ip6tables)
+IPSET=$(which ipset)
+TC=$(which tc)
 
 if [ $# -lt 1 ]
 then
@@ -52,17 +56,28 @@ function shape(){
        then
                $IPTABLES -t mangle -A "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio}
        fi
+       if ! $IP6TABLES -t mangle -C "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio} >/dev/null 2>&1
+       then
+               $IP6TABLES -t mangle -A "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio}
+       fi
 }
 
 shape_if "${EXT_IF}" "${UPLINK}" "${BURST}"
 
 if ! $IPTABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1
 then
-       echo "initializing chain '${SHAPE_CHAIN}'"
+       echo "initializing ipv4 chain '${SHAPE_CHAIN}'"
        $IPTABLES -t mangle -N "${SHAPE_CHAIN}"
 fi
+if ! $IP6TABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1
+then
+       echo "initializing ipv6 chain '${SHAPE_CHAIN}'"
+       $IP6TABLES -t mangle -N "${SHAPE_CHAIN}"
+fi
 
+# prioritize small and responsive things
 shape 1 -p icmp
+shape 1 -p ipv6-icmp
 shape 1 -p udp
 shape 1 -p tcp -m length --length :64
 shape 1 -p tcp --syn -m length --length 40:68
@@ -71,16 +86,31 @@ shape 1 -p tcp --tcp-flags ALL RST
 shape 1 -p tcp --tcp-flags ALL ACK,RST
 shape 1 -p tcp --tcp-flags ALL ACK,FIN
 
+# favor ssh
 shape 2 -p tcp --dport 22
 
+# defavor ftp
 shape 4 -p tcp --dport 20
 shape 4 -p tcp --dport 115
 
+# bulk bittorrent
 shape 5 -p tcp --dport 8881:8899
 shape 5 -p tcp --sport 8881:8899
 
+# default everything else to middle
+shape 3 -m mark --mark 0
+
 if ! $IPTABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" >/dev/null 2>&1
 then
-       $IPTABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}"
+       $IPTABLES -t mangle -I POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}"
 fi
 
+if ! $IP6TABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" >/dev/null 2>&1
+then
+       $IP6TABLES -t mangle -I POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}"
+fi
+
+if [[ ! -e /etc/local.d/shaper.start ]]
+then
+       echo "add shaper to local rc start!"
+fi