Limit bandwidth UDP

This script limits the bandwidth available to UDP traffic. It can help prevent a hosting environment from being used to DDoS others over UDP.

Denial of service attacks are a major nuisance for web hosts, and as a web host you'll have to take every measure to protect your resources from DoS attacks. Our APF, BFD, DDoS and RootKit article describes Linux utilities available to protect against DDoS attacks, and also explains installation procedures. This article supplements the above article by providing a means to control traffic (bandwidth shaping) with the Linux "tc" command so that no single machine can waste the entire network bandwidth.

What is Traffic Shaping?

Traffic Shaping (a.k.a. Bandwidth Shaping or Packet Shaping) is an attempt to control network traffic by prioritizing network resources and guaranteeing certain bandwidth based on predefined policy rules. Traffic shaping uses the concepts of traffic classification, policy rules, queue disciplines and quality of service (QoS).

#!/bin/bash
#
# udplimiter This script limits the bandwidth for UDP traffic
#
# chkconfig: - 13 87

### BEGIN INIT INFO
# Provides: udplimiter
# Required-Start: $network
# Required-Stop: $network
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start|stop|status|restart Bandwidth Limiter
# Description: This script limits the bandwidth for UDP traffic
### END INIT INFO

#  tc uses the following units when passed as a parameter.
#  kbps: Kilobytes per second
#  mbps: Megabytes per second
#  kbit: Kilobits per second
#  mbit: Megabits per second
#  bps: Bytes per second
#       Amounts of data can be specified in:
#       kb or k: Kilobytes
#       mb or m: Megabytes
#       mbit: Megabits
#       kbit: Kilobits
#  To get the byte figure from bits, divide the number by 8
#

#
# Name of the traffic control command.
TC=/sbin/tc

# The network interface whose bandwidth we are limiting.
IF=eth0             # Interface

# Bandwidth limit (in megabits per second)
BWLIMIT=5mbit          # Limit for outgoing UDP traffic on $IF

# Filter options for limiting the intended interface.
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"

start() {

# We'll use Hierarchical Token Bucket (HTB) to shape bandwidth.
# For detailed configuration options, please consult the Linux man
# page (tc-htb).

    $TC qdisc add dev $IF root handle 1: htb default 30
    $TC class add dev $IF parent 1: classid 1:1 htb rate $BWLIMIT
    $U32 match ip protocol 17 0xff flowid 1:1

# The first line creates the root HTB qdisc. Class 1:30 is never
# defined, so traffic that matches no filter is not shaped.
# The second line creates class 1:1, capped at $BWLIMIT.
# The third line adds a u32 filter that sends IPv4 packets with
# IP protocol 17 (UDP) to class 1:1. A root qdisc shapes outgoing
# traffic only, and "protocol ip" does not match IPv6.

}

stop() {

# Stop the bandwidth shaping.
    $TC qdisc del dev $IF root

}

restart() {

# Self-explanatory.
    stop
    sleep 1
    start

}

show() {

# Display traffic control status and counters.
    $TC -s qdisc ls dev $IF

}

case "$1" in

  start)

    echo -n "Starting bandwidth shaping: "
    start
    echo "done"
    ;;

  stop)

    echo -n "Stopping bandwidth shaping: "
    stop
    echo "done"
    ;;

  restart)

    echo -n "Restarting bandwidth shaping: "
    restart
    echo "done"
    ;;

  show)

    echo "Bandwidth shaping status for $IF:"
    show
    echo ""
    ;;

  *)

    echo "Usage: $0 {start|stop|restart|show}"
    ;;

esac

exit 0

For CentOS 6.x, save it to /etc/init.d/udplimiter and run:

chkconfig udplimiter on
/etc/init.d/udplimiter start

Note: You can change IF=eth0 to fit your interface.
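
To check whether the limit is actually throttling UDP, the following added example (not part of the original script) parses the per-class counters printed by `tc -s class show dev eth0`; the script's own `show` lists qdiscs, not classes. The sample output is constructed and the function names are hypothetical; it assumes iproute2's usual `Sent ... (dropped N, overlimits N requeues N)` layout.

```sh
#!/bin/sh
# Added example: summarize the UDP class counters from `tc -s class show` output.

# Constructed sample of `tc -s class show dev eth0` (all numbers invented).
sample_tc_output() {
cat <<'EOF'
class htb 1:1 root prio 0 rate 5Mbit ceil 5Mbit burst 1600b cburst 1600b
 Sent 73400320 bytes 51200 pkt (dropped 48211, overlimits 96010 requeues 0)
 backlog 0b 0p requeues 0
 lended: 51200 borrowed: 0 giants: 0
 tokens: -1523 ctokens: -1523
EOF
}

# Read tc output on stdin; print "rate sent_bytes sent_pkts dropped overlimits"
# for class $1, or exit 1 if that class is absent.
udp_class_stats() {
    awk -v cid="$1" '
        $1 == "class" {
            inclass = ($3 == cid)
            if (inclass) for (i = 4; i < NF; i++) if ($i == "rate") rate = $(i + 1)
            next
        }
        inclass && $1 == "Sent" {
            gsub(/[(),]/, "")      # "(dropped 12," -> "dropped 12"
            print rate, $2, $4, $7, $9
            found = 1; inclass = 0
        }
        END { exit (found ? 0 : 1) }
    '
}

# Turn the counters into one status line for a cron job or monitoring check.
udp_limiter_verdict() {
    stats=$(udp_class_stats "$1") || { echo "missing"; return 0; }
    set -- $stats
    if [ "$4" -gt 0 ]; then
        echo "throttling rate=$1 sent_bytes=$2 dropped=$4 overlimits=$5"
    else
        echo "ok rate=$1 sent_bytes=$2 dropped=0"
    fi
}

# Live use (hypothetical): /sbin/tc -s class show dev eth0 | udp_limiter_verdict 1:1
sample_tc_output | udp_limiter_verdict 1:1
```

A "missing" result means class 1:1 is not installed on the interface, and a steadily growing dropped count means the host keeps trying to send more UDP than the cap allows, which is worth investigating as a possible outbound flood.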

Credit: Thanks to Original code here