[./gestion/gen_confs/firewall.py] Merge des changements effectués dans ./gestion/firewall.py

darcs-hash:20090329173235-8fbb1-94791d5a63effec2fad617ae4cf162a9ab0a5b39.gz
2009-03-29 19:32:35 +02:00 · 2009-03-29 19:32:35 +02:00 · a6d4730055
commit a6d4730055
parent 7e1a4bb1fe
1 changed files with 19 additions and 0 deletions
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@ -617,6 +617,25 @@ class firewall_komaz(firewall_crans) :
                iptables("-t mangle -A SUBNET-%(subnet)s -o ens   -s %(ip)s "
                         "-j CLASSIFY --set-class 1:%(class_id)s" % locals())

+        # +-----------------+
+        # | QOS pour le ftp |
+        # +-----------------+
+
+        # On ne veut pas que les gens à l'éxtérieur bouffe toute la
+        # bande passante.
+
+        # Classification des paquets à destination du ftp
+        iptables("-t mangle -A POSTROUTING -o %(eth_int)s --destination 136.231.136.10 --destination-port 21 "
+                 "-j CLASSIFY --set-class 1:9997" % locals())
+
+        debit_ftp = 12000
+        # Restriction
+        for interface in [self.eth_ext, self.eth_int]:
+            tc("class add dev %(interface)s parent 1:1 classid 1:9997 "
+               "htb rate %(debit_ftp)s ceil %(debit_ftp)s" % locals())
+            tc("qdisc add dev %(interface)s parent 1:9997 "
+               "handle %(qdisc_id)d: sfq perturb 10" % locals())
+
        self.anim.reinit()
        print OK