From: Justin Wind Date: Sun, 1 Oct 2017 19:09:36 +0000 (-0700) Subject: fix shaper.sh X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=b13e1cdba6118b9700dda5cee8ca6f10ca25e746;p=firewall-squeep fix shaper.sh --- diff --git a/shaper.sh b/shaper.sh index f335718..8fdc296 100755 --- a/shaper.sh +++ b/shaper.sh @@ -62,7 +62,9 @@ then $IPTABLES -t mangle -N "${SHAPE_CHAIN}" fi +# prioritize small and responsive things shape 1 -p icmp +shape 1 -p ipv6-icmp shape 1 -p udp shape 1 -p tcp -m length --length :64 shape 1 -p tcp --syn -m length --length 40:68 @@ -71,16 +73,22 @@ shape 1 -p tcp --tcp-flags ALL RST shape 1 -p tcp --tcp-flags ALL ACK,RST shape 1 -p tcp --tcp-flags ALL ACK,FIN +# favor ssh shape 2 -p tcp --dport 22 +# defavor ftp shape 4 -p tcp --dport 20 shape 4 -p tcp --dport 115 +# bulk bittorrent shape 5 -p tcp --dport 8881:8899 shape 5 -p tcp --sport 8881:8899 +# default everything else to middle +shape 3 -m mark --mark 0 + if ! $IPTABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" >/dev/null 2>&1 then - $IPTABLES -t mangle -C POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" + $IPTABLES -t mangle -I POSTROUTING -o "${EXT_IF}" -j "${SHAPE_CHAIN}" fi