KutuKupret

kutukupret adalah kutukupret bukan kutuloncat,kutuberas atau kutubusuk apalagi kuturambut ;-)

Arsip
Kategori
awan ber-arak

adsl c centos debian device disk email ethernet fedora file filesystem filter find freebsd hardisk k800i kernel linux load balancer load balancing maildir mikrotik minix module mount network os postfix ppp program proxy raid redhat router sit smtp sony ericsson speedy squid tun unix vlan vpn wireless youtube adsl (4)
apache (1)
bash (2)
bsd (1)
c (3)
centos (1)
computer (2)
debian (2)
filter (2)
games (1)
iptables (2)
ipv6 (1)
kernel (3)
linux (46)
modules (2)
music (1)
musik (1)
patch (1)
pop3 (1)
postfix (2)
programming (1)
redhat (2)
sony ericsson (3)
speedy (4)
squid (3)
standardization (1)
technology (3)
teknologi (4)
telkom (4)
Uncategorized (4)
vlan (3)
vpn (5)
winxp (3)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.
Kutukupret
- About
- exploits
- games
- K800/K810 files
- Linux
- Postfix
- Serious Stuff
Meta
- Log in
Links
Asal Pengunjung
Dari : United States
IP : 38.103.63.57
Usage By default you have two imq devices (imq0 and imq1). These are dummy interfaces, you can do nothing but attach qdiscs to them. Only egress qdiscs can be used, the current ingress qdisc is just another netfilter hooker. Since packets never get directed to an imq device by the network stack itself no netfilter hooks will ever be called. You can use imq for ingress traffic control, but only using egress qdiscs (which makes more sense anyway since current ingress is very limited). First you have to attach a qdisc to the imq device. The imq device can be treated like any other network device. The fw classifier can be used for filters. The packet length seen by the qdisc includes link layer headers of the device the packet has entered/will be leaving through so you can work with link speed when limiting traffic. After attaching a qdisc to the device you have to specify which packets should go through the imq device. An iptables target (`IMQ') is provided for using all the packet-selecting power of iptables. As soon as the interfaces reaches IFF_UP state selected packets will be enqeued to the imq device. Immediately dequeue is tried and dequeued packet (possibly reordered) gets reinjected into the network stack (software pump). If you are using IMQ as modules you can: modprobe imq and then modprobe ipt_IMQ. To choose the number of IMQ devices you should: modprobe imq numdevs=X. The easiest way to test your new setup is to saturate the upstream with low-priority traffic. This depends how you have your priorities set up. For the sake of example, let's say you've placed telnet traffic and ping traffic at a higher priority (lower fwmark) than other high ports (that are used for FTP transfers, etc). If you initiate an FTP upload to saturate upstream bandwidth, you should only notice your ping times to the gateway (on the other side of the DSL line) increasing by a small amount compared to what it would increase to with no priority queuing. Ping times under 100ms are typical depending on how you've got things set up. Ping times greater than one or two seconds probably mean that things aren't working right. In this article I am going to discuss advanced guestbook spam blocking. "Advanced" means that techniques will require not TYPO3 configuration but compiling, configuring and installing additional server components. This article is intended to web server administrators who are not afraid to protect their customers by installing non-traditional software. I have to put standard disclaimer here: this technique works well for me. However it may not work for you. It may block some of your customers (though I provide ways to unblock most of them). If you use this technique, you must acknowledge that you do it with full understanding and at your own risk. After such serious and dangerous warning. let's move to real work. How did I come to the idea I have mod_security installed on this web server. It can log many bad actions and even protect from typical spam. However it requires certain configuration and tuning. Logs may become really huge (for example, today I have several hundreds spam attempts blocked and logged, many kilobytes each). It would be great just to block spammers by IP address. The same way as PostFix can block spammers using DNS blocking lists (DNSBLs). This will free lots of resources on popular servers. Can it be done? Yes. Can it be done safely? Yes. Can it be done effectively? Yes. http://dmitry-dulepov.com/article/advanced-guestbook-spam-blocking.html#ixzz0JynPeQQo&D How To Set Up A Linux Layer 7 Packet Classifier On CentOS 5.1 Introduction This tutorial will walk you through setting up a Linux layer 7 packet classifier on CentOS 5.1, this can easily be adapted to any other Linux distribution out there. L7-filter is a classifier for the Linux Netfilter that identifies packets based on patterns in application layer data. This allows correct classification of P2P traffics. It can classify packets such as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., that uses unpredictable ports as well as standard protocols running on non-standard ports. It complements existing classifiers that match on IP address, port numbers and so on. HOWTO Delegate Reverse Subnet Maps This HOWTO configures delegated reverse subnet maps as defined in RFC 2317 to support classless routing. There is a longer explanation of reverse mapping which covers the same topic. Delegated reverse mapping requires the support or participation of your ISP or the Authority that assigned the static IP address range. Note: Before making this change a local reverse name look-up does not require any external DNS access (assuming you have a local reverse map zone for your IPs). After the configuration change below all (even local) reverse map queries require to follow the delegation (external) path for the reverse mapped address IN-ADDR.ARPA domain. If this change has not taken place or has not yet propagated you will get errors from 'nslookup' or 'dig' operations. Linux is a free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. Developed under the GNU General Public License , the source code for Linux is freely available to everyone. Click on the link below to find out more about the operating system that is causing a revolution in the world of computers.
Iklan

Usage By default you have two imq devices (imq0 and imq1). These are dummy interfaces, you can do nothing but attach qdiscs to them. Only egress qdiscs can be used, the current ingress qdisc is just another netfilter hooker. Since packets never get directed to an imq device by the network stack itself no netfilter hooks will ever be called. You can use imq for ingress traffic control, but only using egress qdiscs (which makes more sense anyway since current ingress is very limited). First you have to attach a qdisc to the imq device. The imq device can be treated like any other network device. The fw classifier can be used for filters. The packet length seen by the qdisc includes link layer headers of the device the packet has entered/will be leaving through so you can work with link speed when limiting traffic. After attaching a qdisc to the device you have to specify which packets should go through the imq device. An iptables target (`IMQ') is provided for using all the packet-selecting power of iptables. As soon as the interfaces reaches IFF_UP state selected packets will be enqeued to the imq device. Immediately dequeue is tried and dequeued packet (possibly reordered) gets reinjected into the network stack (software pump). If you are using IMQ as modules you can: modprobe imq and then modprobe ipt_IMQ. To choose the number of IMQ devices you should: modprobe imq numdevs=X. The easiest way to test your new setup is to saturate the upstream with low-priority traffic. This depends how you have your priorities set up. For the sake of example, let's say you've placed telnet traffic and ping traffic at a higher priority (lower fwmark) than other high ports (that are used for FTP transfers, etc). If you initiate an FTP upload to saturate upstream bandwidth, you should only notice your ping times to the gateway (on the other side of the DSL line) increasing by a small amount compared to what it would increase to with no priority queuing. Ping times under 100ms are typical depending on how you've got things set up. Ping times greater than one or two seconds probably mean that things aren't working right. In this article I am going to discuss advanced guestbook spam blocking. "Advanced" means that techniques will require not TYPO3 configuration but compiling, configuring and installing additional server components. This article is intended to web server administrators who are not afraid to protect their customers by installing non-traditional software. I have to put standard disclaimer here: this technique works well for me. However it may not work for you. It may block some of your customers (though I provide ways to unblock most of them). If you use this technique, you must acknowledge that you do it with full understanding and at your own risk. After such serious and dangerous warning. let's move to real work. How did I come to the idea I have mod_security installed on this web server. It can log many bad actions and even protect from typical spam. However it requires certain configuration and tuning. Logs may become really huge (for example, today I have several hundreds spam attempts blocked and logged, many kilobytes each). It would be great just to block spammers by IP address. The same way as PostFix can block spammers using DNS blocking lists (DNSBLs). This will free lots of resources on popular servers. Can it be done? Yes. Can it be done safely? Yes. Can it be done effectively? Yes. http://dmitry-dulepov.com/article/advanced-guestbook-spam-blocking.html#ixzz0JynPeQQo&D How To Set Up A Linux Layer 7 Packet Classifier On CentOS 5.1 Introduction This tutorial will walk you through setting up a Linux layer 7 packet classifier on CentOS 5.1, this can easily be adapted to any other Linux distribution out there. L7-filter is a classifier for the Linux Netfilter that identifies packets based on patterns in application layer data. This allows correct classification of P2P traffics. It can classify packets such as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., that uses unpredictable ports as well as standard protocols running on non-standard ports. It complements existing classifiers that match on IP address, port numbers and so on. HOWTO Delegate Reverse Subnet Maps This HOWTO configures delegated reverse subnet maps as defined in RFC 2317 to support classless routing. There is a longer explanation of reverse mapping which covers the same topic. Delegated reverse mapping requires the support or participation of your ISP or the Authority that assigned the static IP address range. Note: Before making this change a local reverse name look-up does not require any external DNS access (assuming you have a local reverse map zone for your IPs). After the configuration change below all (even local) reverse map queries require to follow the delegation (external) path for the reverse mapped address IN-ADDR.ARPA domain. If this change has not taken place or has not yet propagated you will get errors from 'nslookup' or 'dig' operations. Linux is a free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. Developed under the GNU General Public License , the source code for Linux is freely available to everyone. Click on the link below to find out more about the operating system that is causing a revolution in the world of computers.

Pasang iklan anda di sini hub hari.h@kutukupret.com
About kutu

Just me :)

engineer katro
Ym
Iklan

Usage By default you have two imq devices (imq0 and imq1). These are dummy interfaces, you can do nothing but attach qdiscs to them. Only egress qdiscs can be used, the current ingress qdisc is just another netfilter hooker. Since packets never get directed to an imq device by the network stack itself no netfilter hooks will ever be called. You can use imq for ingress traffic control, but only using egress qdiscs (which makes more sense anyway since current ingress is very limited). First you have to attach a qdisc to the imq device. The imq device can be treated like any other network device. The fw classifier can be used for filters. The packet length seen by the qdisc includes link layer headers of the device the packet has entered/will be leaving through so you can work with link speed when limiting traffic. After attaching a qdisc to the device you have to specify which packets should go through the imq device. An iptables target (`IMQ') is provided for using all the packet-selecting power of iptables. As soon as the interfaces reaches IFF_UP state selected packets will be enqeued to the imq device. Immediately dequeue is tried and dequeued packet (possibly reordered) gets reinjected into the network stack (software pump). If you are using IMQ as modules you can: modprobe imq and then modprobe ipt_IMQ. To choose the number of IMQ devices you should: modprobe imq numdevs=X. The easiest way to test your new setup is to saturate the upstream with low-priority traffic. This depends how you have your priorities set up. For the sake of example, let's say you've placed telnet traffic and ping traffic at a higher priority (lower fwmark) than other high ports (that are used for FTP transfers, etc). If you initiate an FTP upload to saturate upstream bandwidth, you should only notice your ping times to the gateway (on the other side of the DSL line) increasing by a small amount compared to what it would increase to with no priority queuing. Ping times under 100ms are typical depending on how you've got things set up. Ping times greater than one or two seconds probably mean that things aren't working right. In this article I am going to discuss advanced guestbook spam blocking. "Advanced" means that techniques will require not TYPO3 configuration but compiling, configuring and installing additional server components. This article is intended to web server administrators who are not afraid to protect their customers by installing non-traditional software. I have to put standard disclaimer here: this technique works well for me. However it may not work for you. It may block some of your customers (though I provide ways to unblock most of them). If you use this technique, you must acknowledge that you do it with full understanding and at your own risk. After such serious and dangerous warning. let's move to real work. How did I come to the idea I have mod_security installed on this web server. It can log many bad actions and even protect from typical spam. However it requires certain configuration and tuning. Logs may become really huge (for example, today I have several hundreds spam attempts blocked and logged, many kilobytes each). It would be great just to block spammers by IP address. The same way as PostFix can block spammers using DNS blocking lists (DNSBLs). This will free lots of resources on popular servers. Can it be done? Yes. Can it be done safely? Yes. Can it be done effectively? Yes. http://dmitry-dulepov.com/article/advanced-guestbook-spam-blocking.html#ixzz0JynPeQQo&D How To Set Up A Linux Layer 7 Packet Classifier On CentOS 5.1 Introduction This tutorial will walk you through setting up a Linux layer 7 packet classifier on CentOS 5.1, this can easily be adapted to any other Linux distribution out there. L7-filter is a classifier for the Linux Netfilter that identifies packets based on patterns in application layer data. This allows correct classification of P2P traffics. It can classify packets such as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., that uses unpredictable ports as well as standard protocols running on non-standard ports. It complements existing classifiers that match on IP address, port numbers and so on. HOWTO Delegate Reverse Subnet Maps This HOWTO configures delegated reverse subnet maps as defined in RFC 2317 to support classless routing. There is a longer explanation of reverse mapping which covers the same topic. Delegated reverse mapping requires the support or participation of your ISP or the Authority that assigned the static IP address range. Note: Before making this change a local reverse name look-up does not require any external DNS access (assuming you have a local reverse map zone for your IPs). After the configuration change below all (even local) reverse map queries require to follow the delegation (external) path for the reverse mapped address IN-ADDR.ARPA domain. If this change has not taken place or has not yet propagated you will get errors from 'nslookup' or 'dig' operations. Linux is a free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. Developed under the GNU General Public License , the source code for Linux is freely available to everyone. Click on the link below to find out more about the operating system that is causing a revolution in the world of computers.
Komentar2 baru
- admin on speedy + abbatec adsl modem (bridge mode) + linksys WRT54GL (dialer PPPoE)
- admin on speedy + abbatec adsl modem (bridge mode) + linksys WRT54GL (dialer PPPoE)
Polls
How Is My Site?
- Good
- Excellent
- Bad
- Can Be Improved
- No Comments
View Results
Loading ...

Links to Site

Subscribe
- Entries (RSS)
- Comments (RSS)
Donate $

Amount:
Website(Optional):

Usage By default you have two imq devices (imq0 and imq1). These are dummy interfaces, you can do nothing but attach qdiscs to them. Only egress qdiscs can be used, the current ingress qdisc is just another netfilter hooker. Since packets never get directed to an imq device by the network stack itself no netfilter hooks will ever be called. You can use imq for ingress traffic control, but only using egress qdiscs (which makes more sense anyway since current ingress is very limited). First you have to attach a qdisc to the imq device. The imq device can be treated like any other network device. The fw classifier can be used for filters. The packet length seen by the qdisc includes link layer headers of the device the packet has entered/will be leaving through so you can work with link speed when limiting traffic. After attaching a qdisc to the device you have to specify which packets should go through the imq device. An iptables target (`IMQ') is provided for using all the packet-selecting power of iptables. As soon as the interfaces reaches IFF_UP state selected packets will be enqeued to the imq device. Immediately dequeue is tried and dequeued packet (possibly reordered) gets reinjected into the network stack (software pump). If you are using IMQ as modules you can: modprobe imq and then modprobe ipt_IMQ. To choose the number of IMQ devices you should: modprobe imq numdevs=X. The easiest way to test your new setup is to saturate the upstream with low-priority traffic. This depends how you have your priorities set up. For the sake of example, let's say you've placed telnet traffic and ping traffic at a higher priority (lower fwmark) than other high ports (that are used for FTP transfers, etc). If you initiate an FTP upload to saturate upstream bandwidth, you should only notice your ping times to the gateway (on the other side of the DSL line) increasing by a small amount compared to what it would increase to with no priority queuing. Ping times under 100ms are typical depending on how you've got things set up. Ping times greater than one or two seconds probably mean that things aren't working right. In this article I am going to discuss advanced guestbook spam blocking. "Advanced" means that techniques will require not TYPO3 configuration but compiling, configuring and installing additional server components. This article is intended to web server administrators who are not afraid to protect their customers by installing non-traditional software. I have to put standard disclaimer here: this technique works well for me. However it may not work for you. It may block some of your customers (though I provide ways to unblock most of them). If you use this technique, you must acknowledge that you do it with full understanding and at your own risk. After such serious and dangerous warning. let's move to real work. How did I come to the idea I have mod_security installed on this web server. It can log many bad actions and even protect from typical spam. However it requires certain configuration and tuning. Logs may become really huge (for example, today I have several hundreds spam attempts blocked and logged, many kilobytes each). It would be great just to block spammers by IP address. The same way as PostFix can block spammers using DNS blocking lists (DNSBLs). This will free lots of resources on popular servers. Can it be done? Yes. Can it be done safely? Yes. Can it be done effectively? Yes. http://dmitry-dulepov.com/article/advanced-guestbook-spam-blocking.html#ixzz0JynPeQQo&D How To Set Up A Linux Layer 7 Packet Classifier On CentOS 5.1 Introduction This tutorial will walk you through setting up a Linux layer 7 packet classifier on CentOS 5.1, this can easily be adapted to any other Linux distribution out there. L7-filter is a classifier for the Linux Netfilter that identifies packets based on patterns in application layer data. This allows correct classification of P2P traffics. It can classify packets such as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., that uses unpredictable ports as well as standard protocols running on non-standard ports. It complements existing classifiers that match on IP address, port numbers and so on. HOWTO Delegate Reverse Subnet Maps This HOWTO configures delegated reverse subnet maps as defined in RFC 2317 to support classless routing. There is a longer explanation of reverse mapping which covers the same topic. Delegated reverse mapping requires the support or participation of your ISP or the Authority that assigned the static IP address range. Note: Before making this change a local reverse name look-up does not require any external DNS access (assuming you have a local reverse map zone for your IPs). After the configuration change below all (even local) reverse map queries require to follow the delegation (external) path for the reverse mapped address IN-ADDR.ARPA domain. If this change has not taken place or has not yet propagated you will get errors from 'nslookup' or 'dig' operations. Linux is a free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. Developed under the GNU General Public License , the source code for Linux is freely available to everyone. Click on the link below to find out more about the operating system that is causing a revolution in the world of computers.

(5 votes, average: 5 out of 5)

Loading ...

K800/K810 file repository

Posted by admin on June 23rd, 2008

K800/K810 file repository

http://explorer.kutukupret.com

Posted in sony ericsson | 4 Comments »

(1 votes, average: 5 out of 5)

Loading ...

Window XP HOME and ipv6

Posted by admin on July 4th, 2009

Step 1:

Step 2:

Download Gateway6 client

http://go6.net/4105/download.asp

Step 3:

install, configure (put user/password) and you’re ready to go!

Step 4:

Test it

^?View Code CMD

C:\Documents and Settings\harry>ping6 ipv6.google.com
 
Pinging ipv6.l.google.com [2001:4860:c004::68]
from 2001:5c0:1000:b::2d73 with 32 bytes of data:
 
Reply from 2001:4860:c004::68: bytes=32 time=659ms
Reply from 2001:4860:c004::68: bytes=32 time=660ms
Reply from 2001:4860:c004::68: bytes=32 time=699ms
Reply from 2001:4860:c004::68: bytes=32 time=660ms
 
Ping statistics for 2001:4860:c004::68:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 659ms, Maximum = 699ms, Average = 669ms

That’s all

Posted in ipv6, technology, teknologi, vpn, winxp | No Comments »

(2 votes, average: 5 out of 5)

Loading ...

Shaping Layer 7 Application on centos 4.7 (iptables + l7 + IMQ + tc/HTB)

Posted by admin on July 3rd, 2009

Pertama download kernel source kernel 2.6.26.

^?View Code BASH

# wget -t0 -c http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2

Download iptables 1.4.1 source.

^?View Code BASH

# wget -t0 -c http://www.netfilter.org/projects/iptables/files/iptables-1.4.1.tar.bz2

Download patch l7 + IMQ (untuk kernel dan iptables) yg sudah saya modifikasi jadi satu bundle.

linux-2.6.26-layer7-imq.patch (1433)

iptables-1.4.1-layer7-imq.patch (1326)

Extract ,patch dan compile kernel source(to RPM)

^?View Code BASH

# tar xjf linux-2.6.26.tar.bz2
# cd linux-2.6.26
# pacth -p1 < ../linux-2.6.26-layer7-imq.patch
patching file drivers/net/imq.c
patching file drivers/net/Kconfig
patching file drivers/net/Makefile
patching file include/linux/imq.h
patching file include/linux/netfilter/xt_IMQ.h
patching file include/linux/netfilter/xt_layer7.h
patching file include/linux/netfilter_ipv4/ipt_IMQ.h
patching file include/linux/netfilter_ipv6/ip6t_IMQ.h
patching file include/linux/skbuff.h
patching file include/net/netfilter/nf_conntrack.h
patching file include/net/netfilter/nf_queue.h
patching file net/core/dev.c
patching file net/core/skbuff.c
patching file net/netfilter/Kconfig
patching file net/netfilter/Makefile
patching file net/netfilter/nf_conntrack_core.c
patching file net/netfilter/nf_conntrack_standalone.c
patching file net/netfilter/nf_queue.c
patching file net/netfilter/regexp/regexp.c
patching file net/netfilter/regexp/regexp.h
patching file net/netfilter/regexp/regmagic.h
patching file net/netfilter/regexp/regsub.c
patching file net/netfilter/xt_IMQ.c
patching file net/netfilter/xt_layer7.c
 
# cp /boot/config-`uname -r` .config
# make clean
# make menuconfig
 
pilih semua option yg ada hubungannya dengan IMQ device dan layer7
 
# make rpm
# rpm -ivh /path/to/kernel-2.6.26-1.i[3/6]86.rpm
# mkinitrd initrd-2.6.26-default.img 2.2.6
 
konfigure grub supaya booting dengan kernel yg telah di compile.
 
title CentOS (2.6.26)
        root (hd0,0)
        kernel /vmlinuz-2.6.26 ro root=LABEL=/
        initrd /initrd-2.6.26-default.img
 
sesuai kan dengan konfig grub anda

Extract ,patch dan compile iptables

^?View Code BASH

# tar xjf iptables-1.4.1.tar.bz2
# cd iptables-1.4.1
# pacth -p1 < ../iptables-1.4.1-layer7-imq.patch
# make clean
# ./configure --with-ksource=../linux-2.6.26
# make
# make install

Jika ingin dalam bentuk rpm bisa cari spec file iptables nya di rpmfind.net

tambah alias untuk imq di modprobe.conf

^?View Code BASH

alias imq0 imq
alias imq1 imq

tc/HTB script, taruh di /etc/rc.d/rc

^?View Code BASH

#---- IMQ+layer7 -----
tc qdisc del dev imq0 root > /dev/null 2>&1
 
/sbin/ip link set imq0 up
/sbin/tc qdisc add dev imq0 root handle 1: htb default 2
/sbin/tc class add dev imq0 parent 1: classid 1:1 htb rate 80000Kbit
/sbin/tc class add dev imq0 parent 1: classid 1:2 htb rate 80000Kbit
/sbin/tc class add dev imq0 parent 1:1 classid 1:10 htb rate 1kbit ceil 2kbit
/sbin/tc filter add dev imq0 parent 1: protocol ip prio 1 u32 match ip dst 0/0 match ip src 172.16.0.0/12 flowid 1:10
 
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto bittorrent -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto edonkey -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto gnutella -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto irc -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto kugoo -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto xunlei -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto pplive -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto http-dap -j IMQ --todev 0
 
tc qdisc del dev imq1 root > /dev/null 2>&1
 
/sbin/ip link set imq1 up
/sbin/tc qdisc add dev imq1 root handle 2: htb default 2
/sbin/tc class add dev imq1 parent 2: classid 2:1 htb rate 80000Kbit
/sbin/tc class add dev imq1 parent 2: classid 2:2 htb rate 80000Kbit
/sbin/tc class add dev imq1 parent 2:1 classid 2:10 htb rate 1kbit ceil 2kbit
/sbin/tc filter add dev imq1 parent 2: protocol ip prio 1 u32 match ip dst 172.16.0.0/12 match ip src 0/0 flowid 2:10
 
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto bittorrent -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto edonkey -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto gnutella -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto irc -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto kugoo -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto xunlei -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto pplive -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto http-dap -j IMQ --todev 1
 
#---- IMQ+layer7 -----

reboot

done

warning: not tested with different kernel version or iptables version, be carefull or you’re ended with kernel panic

Posted in bash, c, filter, iptables, kernel, linux, modules | No Comments »

« Previous Entries

kutukupret adalah kutukupret bukan kutuloncat,kutuberas atau kutubusuk apalagi kuturambut ;-)

Arsip

Kategori

awan ber-arak

Kutukupret

Meta

Links

Asal Pengunjung

Iklan

About kutu

Ym

Iklan

Komentar2 baru

Polls

Subscribe

Donate $

K800/K810 file repository

Window XP HOME and ipv6

Shaping Layer 7 Application on centos 4.7 (iptables + l7 + IMQ + tc/HTB)