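# * * * GLOBAL CONSTANTS * * *
# WAN_IF (ppp0): Internet connection interface name
WAN_IF=vlan1
# LAN_IF (br0): this interface includes ethernet and wifi
LAN_IF=br0
# All rates below are in kilobits (kbit)
# WAN port real rate (dsl or ppp download/upload)
WAN_DN_RATE=1000
WAN_UP_RATE=550
# Zone order represents their priority, decreasing from the first to the last
# "inet" zone means everything not matched with other zones
WAN_ZONES="inet piring"
# Zone IP files search path, resolved relative to the directory of this script.
# "$0" is quoted so that a script path containing whitespace still yields a
# single, intact path. %ZONE% is kept literally in the value (presumably
# substituted with each zone name by the shaper -- confirm against the caller).
# NOTE(review): these lists decide how traffic is classified; keep the
# directory writable only by the account that administers the router.
ZONE_PATH="$(dirname "$0")/ip_%ZONE%.lst"
# !!! All rates need to be measured first !!!
# Set rate to value 5-10% less than measured, if real rate is less than rate
# in list below, the shaper will not work properly!
# I've got double speed for inet and cn zones at night between 1:00-8:00
# NOTE(review): both branches below currently assign the same numbers (they
# differ only in surrounding whitespace), so the night schedule has no effect
# until one branch is edited.
# The hour is read once so both comparisons see the same value.
_nshaper_hour=$(date +%H)
if [ "$_nshaper_hour" -ge 1 ] && [ "$_nshaper_hour" -lt 8 ]; then
  WAN_ZONES_DN_RATE="590 490 "
  WAN_ZONES_UP_RATE="490 400"
else
  WAN_ZONES_DN_RATE=" 590 490"
  WAN_ZONES_UP_RATE=" 490 400"
fi
# Do not leave the scratch variable behind in the shaper's environment.
unset _nshaper_hour
# Shaper creates 5 bands for Internet traffic (see schemes below)
# Guarantee rate for each band is, in %-s:
RATES="20 20 40 10 10"
# Setup internet zones names here (for "nshaper status" command)
INET_NAMES="Crit Prio Web Other Lazy"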
###########################################################################
# Application/user filters setup                                          #
###########################################################################
# Usage: setrule [all] [proto tcp|udp|icmp] [short] [flag ack|syn|rst|...] \
# [afc 1-4] [afd 1-3] [dscp 0-63]\
# [lan|wan|both] [ip a.b.c.d/m] [port n] [prio u16] \
# queue 0-4
#
# list of parameters:
#
# all (keyword) - match everything (no filtering, move all to queue)
# proto - target proto (icmp/tcp/udp)
# short (keyword) - match only short packets (<64b length, =20b header)
# flag ack|syn|... - match tcp control flag. may be used multiple times
# afc 1-4 - match assured forward class (higher => lower latency)
# afd 1-3 - match assured forward drop prec (lower => lower drop)
# dscp 0-63 - match DiffServ codepoint
# lan/wan/both - selects the side the matched target is on. default is {both}
# ip ip_addr/mask - target ip address
# port port - target port
# prio - sequence number for filter. auto incremented
# if omitted. default is {10}, 1 is reserved!
# queue 0-4 - assigns the queue for the rule, lower is better
#
# Example: setrule wan port 80 lan ip 192.168.1.10 queue 1
# -- move http traffic to 192.168.1.10 to high priority queue
#
# Example: setrule wan ip 82.66.15.0/24 queue 3
# -- move all traffic from 82.66.15.0/24 net to low priority queue
#
# In rules you can use vars $WAN_IP, $LAN_IP & $LAN_MASK
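#######################################
# Declares the classification rules, one setrule call per filter.
# Call order is kept exactly as written: per the usage notes in this file,
# prio is auto-incremented when omitted, so the sequence of calls matters.
# Globals:   LAN_IP, LAN_MASK (read); LAN (written, left set for the caller)
# Arguments: none
# Calls:     setrule (defined elsewhere in the shaper)
#
# NOTE(review): every match here is on a port number or a DSCP/AF marking,
# and both are chosen by the sending host. Any host can therefore land in
# queues 0-2 by using these ports or marks. Treat the queues as a fairness
# hint, not as an access control; if LAN hosts are not trusted, consider
# re-marking DSCP at ingress and keeping the per-band guarantees in RATES
# conservative.
#######################################
rules() {
  # set rules for time-critical queue (both users' and router's traffic)
  setrule proto icmp prio 10 queue 0 # ICMP
  setrule port 53 queue 0 # DNS
  setrule short flag ack queue 0 # TCP ACK
  setrule short flag syn queue 0 # TCP SYN
  setrule short flag rst queue 0 # TCP RST
  # extract users' traffic using destination ip
  LAN="$LAN_IP/$LAN_MASK"
  # "$LAN" is quoted in every rule below so the address/mask pair is always
  # passed to setrule as one argument, whatever IFS the caller has in effect.
  # set rules for high-priority queue
  setrule lan ip "$LAN" afc 4 queue 1 # assured forward GOLD class
  # (af4x obsoletes TOS=10)
  setrule lan ip "$LAN" wan port 554 queue 1 # MMS/RealMedia
  setrule lan ip "$LAN" wan port 1755 queue 1 # MMS
  setrule lan ip "$LAN" wan port 1935 queue 1 # RTMP/Flash
  setrule lan ip "$LAN" wan port 5060 queue 1 # SIP
  # set rules for middle-priority queue
  setrule lan ip "$LAN" afc 3 queue 2 # assured forward SILVER class
  setrule lan ip "$LAN" wan port 80 queue 2 # HTTP
  setrule lan ip "$LAN" wan port 443 queue 2 # HTTPS
  setrule lan ip "$LAN" wan port 5190 queue 2 # AIM
  # set rules for low-priority queue
  setrule lan ip "$LAN" queue 3 # all remaining users' traffic
  # only router's traffic remains unfiltered here
  # These two rules only prioritise the router's management ports; they do not
  # restrict who can reach them -- that has to be enforced by the firewall.
  setrule lan port 50022 queue 1 # router's SSH
  setrule lan port 8081 queue 1 # router's WEB server
  # move all other router's traffic (such as P2P) to lazy queue
  setrule lan all queue 4 # all other traffic to router
}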