deluxehost
New Member
If you're running a OpenVZ Node on a dedicated server, or running a XEN VPS. you can use 'tc' to limit the speed of your IPv6 (Native/Tunnel) with this simple script..
Before i post, reason i made this, is i run a OpenVZ node myself, and i had a VPS customer sending out DDoS attacks over IPv6, and i wanted to limit/prevent this from happening again, so i googled, found nothing, went on IRC in networking channels, got no where. so i spent about 3 hours twiddling with 'tc'. and here is what i've found, and it has proven to work numerous times over.
#!/bin/sh
#VIEWING
# tc qdisc show dev $DEV
# tc class show dev $DEV
# tc filter show dev $DEV
OK="\e[1;32m"
R="\e[00m"
RANGE="2001:470:404a::/48"
echo -n "Setting IPv6 IN/OUT... "
# IPV6 LIMITING
DEV=tun0
tc qdisc del dev $DEV root
tc qdisc add dev $DEV root handle 1: htb default 100
tc class add dev $DEV parent 1: classid 1:1 htb rate 15mbit burst 15k
tc qdisc add dev $DEV parent 1:1 handle 2: sfq perturb 10
tc filter add dev $DEV protocol ipv6 parent 1:0 prio 1 u32 match ip6 dst ${RANGE} flowid 1:1
tc filter add dev $DEV protocol ipv6 parent 1:0 prio 1 u32 match ip6 src ${RANGE} flowid 1:1
echo -e "[ ${OK}OK${R} ]"
You can set this per IP aswell, just add in a line like..
IPLIMIT="2001:470:404a::ba74:2df:923a:75a7/128"
tc filter add dev $DEV protocol ipv6 parent 1:0 prio 1 u32 match ip6 dst ${LIMITIP} flowid 1:1
tc filter add dev $DEV protocol ipv6 parent 1:0 prio 1 u32 match ip6 src ${LIMITIP} flowid 1:1
And if you want to increase the bandwidth rate from 15mbit, just change the above line to what you want. look for 15mbit, and set to whatever, the accept rates are like: 1mbit, 100kbps.
Hope this helps someone.
Before i post, reason i made this, is i run a OpenVZ node myself, and i had a VPS customer sending out DDoS attacks over IPv6, and i wanted to limit/prevent this from happening again, so i googled, found nothing, went on IRC in networking channels, got no where. so i spent about 3 hours twiddling with 'tc'. and here is what i've found, and it has proven to work numerous times over.
#!/bin/sh
#VIEWING
# tc qdisc show dev $DEV
# tc class show dev $DEV
# tc filter show dev $DEV
OK="\e[1;32m"
R="\e[00m"
RANGE="2001:470:404a::/48"
echo -n "Setting IPv6 IN/OUT... "
# IPV6 LIMITING
DEV=tun0
tc qdisc del dev $DEV root
tc qdisc add dev $DEV root handle 1: htb default 100
tc class add dev $DEV parent 1: classid 1:1 htb rate 15mbit burst 15k
tc qdisc add dev $DEV parent 1:1 handle 2: sfq perturb 10
tc filter add dev $DEV protocol ipv6 parent 1:0 prio 1 u32 match ip6 dst ${RANGE} flowid 1:1
tc filter add dev $DEV protocol ipv6 parent 1:0 prio 1 u32 match ip6 src ${RANGE} flowid 1:1
echo -e "[ ${OK}OK${R} ]"
You can set this per IP aswell, just add in a line like..
IPLIMIT="2001:470:404a::ba74:2df:923a:75a7/128"
tc filter add dev $DEV protocol ipv6 parent 1:0 prio 1 u32 match ip6 dst ${LIMITIP} flowid 1:1
tc filter add dev $DEV protocol ipv6 parent 1:0 prio 1 u32 match ip6 src ${LIMITIP} flowid 1:1
And if you want to increase the bandwidth rate from 15mbit, just change the above line to what you want. look for 15mbit, and set to whatever, the accept rates are like: 1mbit, 100kbps.
Hope this helps someone.
