simple iptables based packet limiter to deflect DoS attacks on our clients
1 #==========================================================================
2 #Configuration for Arachne Labs gateway prometheus.brevnov.czf (10.11.10.1)
3 #==========================================================================
4 #Paths to external utilities required to run iGW Prometheus:
#Absolute paths are used, so the utilities are not resolved through $PATH.
#NOTE(review): these tools are presumably run as root - confirm the
#binaries are root-owned and not writable by other users.
5 #--------------------------------------------------------------------------
6 tc /sbin/tc
7 iptables /sbin/iptables
8 iptables-restore /sbin/iptables-restore
9 #==========================================================================
10 #Filename of iptables mangle table for iptables-restore
#NOTE(review): whoever can write this file controls the rules handed to
#iptables-restore; keep the file and its directory writable by root only.
11 #--------------------------------------------------------------------------
12 iptables-file /var/spool/prometheus.iptables
13 #==========================================================================
14 #Filename of /etc/hosts - style IP address configuration file
#Comments in that file carry the per-host KEYWORD-MIN-MAX limits (see the
#keyword section), so restrict write access to it as well.
15 #--------------------------------------------------------------------------
16 hosts /etc/prometheus/hosts
17 #==========================================================================
18 #Keywords found in comments of the hosts file - syntax KEYWORD-MIN-MAX
19 #Eg.: 192.168.1.2 mypc #via-prometheus-256-512
20 #sets HTB rate for 192.168.1.2 to 256 kbps and HTB ceil to 512 kbps
#(via-prometheus in the example is illustrative; it is not one of the
#keywords defined below)
#Each keyword is also the prefix of the keyword-derived settings further
#down in this file, e.g. wifi-normal-htb-default-prio.
21 #--------------------------------------------------------------------------
22 keyword wifi-normal
23 keyword wifi-plus
24 keyword backbone-normal
25 keyword backbone-plus
26 keyword backbone-bezfup
27 #==========================================================================
28 #LAN (local, downstream) and WAN (isp, internet, upstream) interface names
29 #didn't work well with only one interface - two interfaces are required now
30 #--------------------------------------------------------------------------
31 lan-interface eth0 #Linux network interface name
32 wan-interface eth1 #Linux network interface name
33 #==========================================================================
34 #LAN and WAN medium definition (100Mbit, 10Mbit - use 2Mbit for Wi-Fi)
35 #--------------------------------------------------------------------------
36 lan-medium 100Mbit #Mbit|kbit
37 wan-medium 100Mbit #Mbit|kbit
38 #==========================================================================
39 #guaranteed upload and download bandwidth FROM your ISP (in kbps, please!)
40 #asymmetry settings will be automatically calculated from these values
#Unlike lan-medium/wan-medium, these two values are bare numbers without a
#unit suffix.
41 #--------------------------------------------------------------------------
42 wan-download 40960 #kbps
43 wan-upload 40960 #kbps
44 #==========================================================================
45 #special QoS free zone (eg. free CZFree transit, etc.)
46 #Apply QoS on HTTP proxy IP address/port
47 #Set HTB rate and HTB ceil for addresses undefined in hosts file
#NOTE(review): 10.0.0.0/8 below is the whole private 10.x range and contains
#this gateway's own 10.11.10.1; what exactly the free zone exempts is not
#visible in this file - confirm the subnet is no wider than intended.
#qos-proxy-ip and qos-proxy-port presumably take effect only when
#qos-proxy-enable is 1.
48 #--------------------------------------------------------------------------
49 qos-free-zone 10.0.0.0/8 #0=disable|subnet eg. 192.168.0.0/16
50 qos-free-delay 14400 #seconds to wait before applying QoS
51 qos-proxy-enable 0 #1=yes|0=no
52 qos-proxy-ip 10.11.10.1/32 #eg. IP of our LAN interface
53 qos-proxy-port 3128 #squid port
54 free-rate 64 #kbps - set by Vitex for dashboard testing
55 free-ceil 128 #kbps
56 digital-divide-weirdness-ratio 1 #can be 1, 2, 3, maybe even more...
57 #==========================================================================
58 #Asymmetric line settings - this allows setup of ADSL-style ISP service
59 #asymetry-ratio 2 means upload is limited to 50% of the rate of download
60 #asymetry-treshold 64 means upload will be 64 kbps slower than download
#(the key names keep the spelling "asymetry" and "treshold"; presumably the
#parser matches them literally, so do not correct them in the keys)
61 #--------------------------------------------------------------------------
62 #These settings are keyword-derived ! (see "keyword" section)
63 #--------------------------------------------------------------------------
64 wifi-normal-asymetry-ratio 1 #2,4,etc. for relative upload shaping
65 wifi-normal-asymetry-treshold 0 #kbps
66 wifi-plus-asymetry-ratio 1
67 wifi-plus-asymetry-treshold 0
68 backbone-normal-asymetry-ratio 1
69 backbone-normal-asymetry-treshold 0
70 backbone-plus-asymetry-ratio 1
71 backbone-plus-asymetry-treshold 0
72 backbone-bezfup-asymetry-ratio 1
73 backbone-bezfup-asymetry-treshold 0
74 #==========================================================================
75 #HTB fine tuning part I - common settings
76 #filter-type: traffic filtering by mark&filter or classify (without tc filter)
#htb-leaf-discipline: queueing discipline and its options for the leaf
#classes - presumably passed to tc as written, confirm.
77 #--------------------------------------------------------------------------
78 htb-nesting-limit 3 #0..4: HTB seems to have built-in limit
79 htb-burst 32 #kbit
80 htb-burst-group 32 #kbit (group level classes)
81 htb-burst-main 64 #kbit (medium&line level classes - 1:1, 1:2)
82 htb-leaf-discipline sfq perturb 5
83 filter-type classify #or mark
84 #==========================================================================
85 #magic-include-upload - is data counter sum of upload and download ?
86 #magic-treshold - heaviest downloader: htb-rate, 2nd: htb-rate+magic-treshold
87 #==========================================================================
88 magic-include-upload 1 #1=yes|0=no
89 magic-treshold 2 #kbps
90 #--------------------------------------------------------------------------
91 #Magic data limit based on guaranteed bandwidth in kbps fine tunes HTB ceil:
92 #(magic-relative-limit)*(min bandwidth kbps) = limit for given time period
93 #eg. value 8 gives 512 MB limit to 64 kbps HTB rates, 1024 MB to 128'ers...
94 #magic-fixed-limit is fixed data limit in MB (megabytes), 0=no limit
95 #HTB ceil will be reduced to (HTB rate) for the most unfair-users
96 #other offenders get (HTB rate)+(magic-treshold)
97 #magic-relative-prio and magic-fixed-prio work exactly the same way as
98 #limit, except that they reduce HTB priority instead of HTB ceil
#NOTE(review): backbone-bezfup sets both of its limits to 0. The text above
#defines 0=no limit only for magic-fixed-limit; presumably a relative limit
#of 0 also means no limit - confirm. Its -prio settings are still set.
99 #--------------------------------------------------------------------------
100 #These settings are keyword-derived ! (see "keyword" section)
101 #--------------------------------------------------------------------------
102 wifi-normal-magic-relative-limit 8 #*kb/sec->MB/day
103 wifi-normal-magic-relative-prio 4 #*kb/sec->MB/day
104 wifi-normal-magic-fixed-limit 0 #MB, less than
105 wifi-normal-magic-fixed-prio 0 #MB, less than
106 wifi-plus-magic-relative-limit 16
107 wifi-plus-magic-relative-prio 8
108 wifi-plus-magic-fixed-limit 0
109 wifi-plus-magic-fixed-prio 0
110 backbone-normal-magic-relative-limit 16
111 backbone-normal-magic-relative-prio 8
112 backbone-normal-magic-fixed-limit 0
113 backbone-normal-magic-fixed-prio 0
114 backbone-plus-magic-relative-limit 32
115 backbone-plus-magic-relative-prio 16
116 backbone-plus-magic-fixed-limit 0
117 backbone-plus-magic-fixed-prio 0
118 backbone-bezfup-magic-relative-limit 0
119 backbone-bezfup-magic-relative-prio 8
120 backbone-bezfup-magic-fixed-limit 0
121 backbone-bezfup-magic-fixed-prio 0
122 #==========================================================================
123 #HTB fine tuning part II - keyword dependent settings
#One group of three settings (default prio, rate bonus, ceil malus) per
#keyword defined in the keyword section.
#NOTE(review): whether a lower prio number is served first is not stated
#here - presumably tc's HTB convention applies, confirm.
124 #--------------------------------------------------------------------------
125 #These settings are keyword-derived ! (see "keyword" section)
126 #--------------------------------------------------------------------------
127 wifi-normal-htb-default-prio 1 #can be 1...7
128 wifi-normal-htb-rate-bonus 0 #kbps
129 wifi-normal-htb-ceil-malus 0 #kbps
130 wifi-plus-htb-default-prio 1
131 wifi-plus-htb-rate-bonus 16
132 wifi-plus-htb-ceil-malus 0
133 backbone-normal-htb-default-prio 1
134 backbone-normal-htb-rate-bonus 16
135 backbone-normal-htb-ceil-malus 0
136 backbone-plus-htb-default-prio 1
137 backbone-plus-htb-rate-bonus 32
138 backbone-plus-htb-ceil-malus 0
139 backbone-bezfup-htb-default-prio 2
140 backbone-bezfup-htb-rate-bonus 0
141 backbone-bezfup-htb-ceil-malus 0
142 #==========================================================================
143 #Credit file settings - stores unused credit from previous runs
#NOTE(review): the stored credit presumably feeds the limits of the next
#run, so keep the file writable only by the account that runs prometheus.
144 #--------------------------------------------------------------------------
145 credit-filename /var/lib/misc/prometheus.credit
146 credit-enable 1 #1=yes|0=no
147 #==========================================================================
148 #Log file names and directories
#NOTE(review): log-traffic-directory and the hall-of-fame files below live
#under /var/www, presumably a web server document root. Per-host traffic
#data written there is readable by anyone who can reach that server unless
#access to these paths is restricted.
149 #--------------------------------------------------------------------------
150 log-filename /var/log/prometheuslog
151 log-traffic-directory /var/www/logs/
152 log-traffic-url-path logs/
153 #==========================================================================
154 #Hall of Fame - Greatest Suckers settings
155 #--------------------------------------------------------------------------
156 hall-of-fame-enable 1 #1=yes|0=no
157 hall-of-fame-filename /var/www/traffic.html
158 hall-of-fame-preview /var/www/preview.html
159 hall-of-fame-title Hall of Fame - Greatest Suckers
160 #==========================================================================
161 #Hall of Fame - Color settings (for FUP data limit display)
162 #--------------------------------------------------------------------------
163 #These settings are keyword-derived ! (see "keyword" section)
164 #--------------------------------------------------------------------------
165 wifi-normal-html-color 609000 #RRGGBB html hexa
166 wifi-plus-html-color 008000
167 backbone-normal-html-color 600090
168 backbone-plus-html-color 000080
169 backbone-bezfup-html-color A06000
170 #==========================================================================
171 #That's all, folks. Now just run /usr/local/sbin/prometheus every day...