firewall script to limit download bandwidth based on ip's

Discussion in 'Tomato Firmware' started by azdps, Apr 30, 2012.

  1. azdps

    azdps LI Guru Member

    Here is a firewall script I put together that will limit download bandwidth based on 1 or more IP addresses. Obviously you need to change the CLIENT_IP to the IP you want to limit. Copy and paste it into Administration --> Scripts --> Firewall. After saving it, reboot the router for the script to take effect. Thought someone might find it useful.

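    # Example values: br0 is assumed to be the LAN bridge and the addresses are placeholders; set your own
    DEV=br0
    LIMIT_DOWN=30
    CLIENT_IP="192.168.1.100 192.168.1.101"
    tc qdisc del dev $DEV root 2> /dev/null > /dev/null
    tc qdisc add dev $DEV root handle 77: htb
    tc class add dev $DEV parent 77: classid 77:1 htb rate ${LIMIT_DOWN}kbps
    tc filter add dev $DEV parent 77: protocol ip handle 80 fw flowid 77:1
    # Mark packets destined for each client with fwmark 80 so the tc filter puts them in class 77:1
    for ip in $CLIENT_IP; do
      iptables -t mangle -I POSTROUTING -d $ip -j MARK --set-mark 80
    done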
  2. zapoqx

    zapoqx Networkin' Nut Member

    Intriguing. I'm almost considering this. Just to ask first though:
    The limit I'm guessing is modifiable. But which one? Limit_Down (And if so, how is it determined?) or htb rate 20000kbit?
  3. azdps

    azdps LI Guru Member

    zapoqx, I've modified the script quite a bit. Removed some stuff that wasn't really necessary. Although officially kbps is an abbreviation for kilobit per second, htb qdisc uses it as kilobytes per second. Anyways, think of data rates as kilobytes per second when using this script.

    So the script I posted above is limiting two IP addresses to 30 kilobytes per second downloading capability.

    Let me know if you run into any issues.
  4. zapoqx

    zapoqx Networkin' Nut Member

    Cool. I'll make use of this. Thanks!
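
An added example, not part of the thread or azdps's script: a dry-run generator that validates each client address before it reaches iptables and writes the rate in tc's unambiguous `kbit` unit instead of `kbps`. The function names, the `br0` interface and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints the tc/iptables commands instead of running them,
# so the rule set can be reviewed before it goes into the Firewall script.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input is digits and dots only
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  return 0
}

# tc reads "kbps" as kilobytes/s and "kbit" as kilobits/s: 1 kbps = 8 kbit.
kbytes_to_kbit() { echo $(( $1 * 8 )); }

# Usage: gen_limit_rules DEV KILOBYTES_PER_SEC IP [IP...]
# Rejects the whole request if the rate or any address is malformed.
gen_limit_rules() {
  dev=$1; kbytes=$2; shift 2
  case "$kbytes" in
    ''|*[!0-9]*) echo "bad rate: $kbytes" >&2; return 1 ;;
  esac
  for ip in "$@"; do
    is_ipv4 "$ip" || { echo "bad IP: $ip" >&2; return 1; }
  done
  echo "tc qdisc del dev $dev root"
  echo "tc qdisc add dev $dev root handle 77: htb"
  echo "tc class add dev $dev parent 77: classid 77:1 htb rate $(kbytes_to_kbit "$kbytes")kbit"
  echo "tc filter add dev $dev parent 77: protocol ip handle 80 fw flowid 77:1"
  for ip in "$@"; do
    echo "iptables -t mangle -I POSTROUTING -d $ip -j MARK --set-mark 80"
  done
}

# Constructed sample input: 30 kilobytes/s for two placeholder clients on br0.
gen_limit_rules br0 30 192.168.1.100 192.168.1.101
```

On the router itself, `tc -s class show dev br0` shows whether the byte counters of class 77:1 increase while a limited client downloads.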
