我有一个树莓派,我想在上面运行比特币。这有时会消耗我的大量传出带宽,因此我想确保它不会使用超过 20 KB/s 的比特币数据。
比特币协议使用端口 8333 进行连接,因此我认为只要查看源端口或目标端口是否等于 8333,就可以轻松识别连接。
在 Linux 上,哪一组命令将确保进出端口 8333 的数据不会超过 20 KB/s?
以下命令集会将源端口或目标端口为 8333 的流量的传出速率限制为 160 kbit/s,除非目标 IP 位于本地网络上。
#network interface on which to limit traffic
IF="eth0"
#limit of the network interface in question
LINKCEIL="1gbit"
#limit outbound Bitcoin protocol traffic to this rate
LIMIT="160kbit"
#delete existing rules
tc qdisc del dev ${IF} root
#add root class
tc qdisc add dev ${IF} root handle 1: htb default 10
#add parent class
tc class add dev ${IF} parent 1: classid 1:1 htb rate ${LINKCEIL} ceil ${LINKCEIL}
#add our two classes. one unlimited, another limited
tc class add dev ${IF} parent 1:1 classid 1:10 htb rate ${LINKCEIL} ceil ${LINKCEIL} prio 0
tc class add dev ${IF} parent 1:1 classid 1:11 htb rate ${LIMIT} ceil ${LIMIT} prio 1
#add handles to our classes so packets marked with <x> go into the class with "... handle <x> fw ..."
tc filter add dev ${IF} parent 1: protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev ${IF} parent 1: protocol ip prio 2 handle 2 fw classid 1:11
#limit outgoing traffic to and from port 8333. but not when dealing with a host on the local network
# --set-mark marks packages matching these criteria with the number "2"
# these packages are filtered by the tc filter with "handle 2"
# this filter sends the packages into the 1:11 class, and this class is limited to ${LIMIT}
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 8333 ! -d 192.168.0.0/16 -j MARK --set-mark 0x2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 8333 ! -d 192.168.0.0/16 -j MARK --set-mark 0x2