X-Git-Url: http://git.squeep.com/?p=firewall-squeep;a=blobdiff_plain;f=shaper.sh;h=3b2c6229d4899e58b18e64d2a2e424f1059b38b6;hp=f3357185cd9d66afb0a3e8b9cf25be56cfcbdd11;hb=4286cf3fbed651341203ebfc64b722e142bd7d99;hpb=3943c9626bd2f4b0829c666406340852cfca66e8 diff --git a/shaper.sh b/shaper.sh index f335718..3b2c622 100755 --- a/shaper.sh +++ b/shaper.sh @@ -8,7 +8,11 @@ SHAPE_CHAIN='SHAPER-OUT' set -e -. ./common.sh +# . ./common.sh +IPTABLES=$(which iptables) +IP6TABLES=$(which ip6tables) +IPSET=$(which ipset) +TC=$(which tc) if [ $# -lt 1 ] then @@ -52,17 +56,28 @@ function shape(){ then $IPTABLES -t mangle -A "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio} fi + if ! $IP6TABLES -t mangle -C "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio} >/dev/null 2>&1 + then + $IP6TABLES -t mangle -A "${SHAPE_CHAIN}" "$@" -j MARK --set-mark ${prio} + fi } shape_if "${EXT_IF}" "${UPLINK}" "${BURST}" if ! $IPTABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1 then - echo "initializing chain '${SHAPE_CHAIN}'" + echo "initializing ipv4 chain '${SHAPE_CHAIN}'" $IPTABLES -t mangle -N "${SHAPE_CHAIN}" fi +if ! $IP6TABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1 +then + echo "initializing ipv6 chain '${SHAPE_CHAIN}'" + $IP6TABLES -t mangle -N "${SHAPE_CHAIN}" +fi +# prioritize small and responsive things shape 1 -p icmp +shape 1 -p ipv6-icmp shape 1 -p udp shape 1 -p tcp -m length --length :64 shape 1 -p tcp --syn -m length --length 40:68 
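Review bot: The four added `$(which …)` assignments resolve iptables, ip6tables, ipset and tc through whatever PATH the caller happens to have, which is a weak choice for a script that changes firewall state as root, because an unexpected or writable directory early in PATH decides which binary runs. With `set -e` on, a missing tool also ends the script at the assignment with little or no message, even for a tool these hunks never call (no use of `$IPSET` is visible here). I would pin the search path and fail loudly, e.g. `PATH=/usr/sbin:/sbin:/usr/bin:/bin` followed by `IPTABLES=$(command -v iptables) || { echo "iptables not found" >&2; exit 1; }`, and the same for the other three. The commented-out `# . ./common.sh` should be deleted or given a comment saying why it stays; whether common.sh supplied anything else this script reads cannot be seen from the hunk.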
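Review bot: In shape(), the added ip6tables branch replays the IPv4 argument list unchanged, so every rule is installed in both families whether or not it fits. `-p icmp` and `-p ipv6-icmp` each land in the table where that protocol is not expected, and the `--length :64` and `--length 40:68` thresholds look tuned for a 20-byte IPv4 header, so they likely miss the equivalent IPv6 packets behind a 40-byte fixed header. Under `set -e`, a match that ip6tables rejects also stops the script after the IPv4 rule was already appended, leaving the two tables out of step. A helper that takes the table tool as its first argument lets family-specific rules be issued once, while shape() keeps calling it for both on the neutral rules. shape() starts outside the hunk, so the sketch assumes the mark value is its first argument, as the call sites suggest.

```shell
# Append one MARK rule to SHAPE_CHAIN with the given table tool, unless it is already there.
# $1 - iptables or ip6tables binary, $2 - mark value, remaining args - match expression
shape_one(){
	local ipt=$1 prio=$2
	shift 2
	if ! "$ipt" -t mangle -C "${SHAPE_CHAIN}" "$@" -j MARK --set-mark "${prio}" >/dev/null 2>&1
	then
		"$ipt" -t mangle -A "${SHAPE_CHAIN}" "$@" -j MARK --set-mark "${prio}"
	fi
}

# … unchanged: chain initialisation for both families …

# family-specific rules go to one table only
shape_one "$IPTABLES" 1 -p icmp
shape_one "$IP6TABLES" 1 -p ipv6-icmp
```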
@@ -71,16 +86,31 @@ shape 1 -p tcp --tcp-flags ALL RST shape 1 -p tcp --tcp-flags ALL ACK,RST shape 1 -p tcp --tcp-flags ALL ACK,FIN +# favor ssh shape 2 -p tcp --dport 22 +# defavor ftp shape 4 -p tcp --dport 20 shape 4 -p tcp --dport 115 +# bulk bittorrent shape 5 -p tcp --dport 8881:8899 shape 5 -p tcp --sport 8881:8899 +# default everything else to middle +shape 3 -m mark --mark 0 + if ! $IPTABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" >/dev/null 2>&1 then - $IPTABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" + $IPTABLES -t mangle -I POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" fi +if ! $IP6TABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" >/dev/null 2>&1 +then + $IP6TABLES -t mangle -I POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" +fi + +if [[ ! -e /etc/local.d/shaper.start ]] +then + echo "add shaper to local rc start!" +fi
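Review bot: The closing reminder tests `-e /etc/local.d/shaper.start`, which passes for a file that exists but is not executable. If this host follows the OpenRC local.d convention, only executable `*.start` files are run, so the marks and both POSTROUTING jumps would be silently absent after a reboot. I would test with `-x` and send the reminder to stderr with the path in it: `[[ -x /etc/local.d/shaper.start ]] || echo "shaper: /etc/local.d/shaper.start is missing or not executable; shaping rules will not be restored at boot" >&2`. `[[` also requires bash, and the shebang is not visible in this diff.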