Limit bandwidth UDP
This script limits the bandwidth available to UDP traffic. It can help prevent a hosting environment from being used to DDoS others over UDP.
Denial of service attacks are a major nuisance for web hosts, and as a web host you'll have to take every measure to protect your resources from DoS attacks. Our APF, BFD, DDoS and RootKit article describes Linux utilities available to protect against DDoS attacks, and also explains installation procedures. This article supplements that article by providing a means to control traffic (bandwidth shaping) with the Linux "tc" command so that no single machine can waste the entire network bandwidth.
What is Traffic Shaping?
Traffic shaping (a.k.a. bandwidth shaping or packet shaping) is an attempt to control network traffic by prioritizing network resources and guaranteeing certain bandwidth based on predefined policy rules. Traffic shaping uses the concepts of traffic classification, policy rules, queue disciplines and quality of service (QoS).
```bash
#!/bin/bash
#
# udplimiter    This script limits the bandwidth for UDP traffic
#
# chkconfig: - 13 87
### BEGIN INIT INFO
# Provides: udplimiter
# Required-Start: $network
# Required-Stop: $network
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start|stop|restart|show Bandwidth Limiter
# Description: This script limits the bandwidth for UDP traffic
### END INIT INFO

# tc uses the following units when passed as a parameter.
#   kbps: Kilobytes per second
#   mbps: Megabytes per second
#   kbit: Kilobits per second
#   mbit: Megabits per second
#   bps:  Bytes per second
# Amounts of data can be specified in:
#   kb or k: Kilobytes
#   mb or m: Megabytes
#   mbit:    Megabits
#   kbit:    Kilobits
# To get the byte figure from bits, divide the number of bits by 8.

# Name of the traffic control command.
TC=/sbin/tc

# The network interface we're planning on limiting bandwidth.
IF=eth0             # Interface

# Bandwidth limit (in megabits per second).
BWLIMIT=5mbit       # Cap applied to UDP leaving $IF

# Filter options for limiting the intended interface.
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"

start() {
    # We'll use Hierarchical Token Bucket (HTB) to shape bandwidth.
    # For detailed configuration options, please consult the Linux man page.
    #
    # Line 1 creates the root HTB qdisc. "default 30" names a class that is
    # never created, so traffic the filter does not match is left unshaped.
    # Line 2 creates class 1:1, limited to $BWLIMIT.
    # Line 3 sends every packet with IP protocol 17 (UDP) to class 1:1.
    $TC qdisc add dev $IF root handle 1: htb default 30
    $TC class add dev $IF parent 1: classid 1:1 htb rate $BWLIMIT
    $U32 match ip protocol 17 0xff flowid 1:1
}

stop() {
    # Stop the bandwidth shaping.
    $TC qdisc del dev $IF root
}

restart() {
    # Self-explanatory.
    stop
    sleep 1
    start
}

show() {
    # Display the traffic control status.
    $TC -s qdisc ls dev $IF
}

case "$1" in
    start)
        echo -n "Starting bandwidth shaping: "
        start
        echo "done"
        ;;
    stop)
        echo -n "Stopping bandwidth shaping: "
        stop
        echo "done"
        ;;
    restart)
        echo -n "Restarting bandwidth shaping: "
        restart
        echo "done"
        ;;
    show)
        echo "Bandwidth shaping status for $IF:"
        show
        echo ""
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|show}"
        ;;
esac

exit 0
```
For CentOS 6.x, save it to /etc/init.d/udplimiter and run it with:
```bash
chkconfig udplimiter on
/etc/init.d/udplimiter start
```
Note: You can change IF=eth0 to match your interface.
Credit: Thanks to Original code here
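The script's show action prints only qdisc totals. The following added example (not part of the original script) reads the per-class counters for class 1:1 from `tc -s class show`, so you can tell whether the UDP cap is actually dropping traffic between two checks. The function names and the sample output are constructed for illustration.

```bash
#!/bin/bash
# Added example: read HTB counters for the UDP class created by udplimiter.
# Live use:  tc -s class show dev eth0 | class_counters 1:1

# Print "<sent_bytes> <dropped> <overlimits>" for one classid from
# `tc -s class show` text on stdin; exit status 1 if the class is absent.
class_counters() {
    awk -v cid="$1" '
        $1 == "class" { in_class = ($3 == cid) }   # a new class stanza begins
        in_class && $1 == "Sent" {
            gsub(/[(),]/, "")                      # "(dropped 12," -> "dropped 12"
            for (i = 1; i < NF; i++) {
                if ($i == "dropped")    d = $(i + 1)
                if ($i == "overlimits") o = $(i + 1)
            }
            print $2, d, o
            found = 1
            exit
        }
        END { if (!found) exit 1 }
    '
}

# Packets dropped in class $1 between two snapshots ($2 earlier, $3 later).
# Counters are cumulative, so only the difference shows current pressure.
drop_delta() {
    local before after
    before=$(printf '%s\n' "$2" | class_counters "$1") || return 1
    after=$(printf '%s\n' "$3" | class_counters "$1") || return 1
    before=${before#* }; before=${before%% *}      # keep field 2 (dropped)
    after=${after#* };   after=${after%% *}
    echo $((after - before))
}

# Constructed sample output (not captured from a real host).
SAMPLE_BEFORE='class htb 1:1 root prio 0 rate 5Mbit ceil 5Mbit burst 1600b cburst 1600b
 Sent 123456 bytes 789 pkt (dropped 12, overlimits 34 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0'
SAMPLE_AFTER='class htb 1:1 root prio 0 rate 5Mbit ceil 5Mbit burst 1600b cburst 1600b
 Sent 9123456 bytes 6789 pkt (dropped 512, overlimits 900 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0'
```

A drop count that keeps growing between checks means a local process is trying to send more UDP than the cap allows, which is worth investigating on a shared host.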