#!/bin/bash
###
##regard
#The generated iptables policy is written to a file named "iptables_policy"; rename it once the script has completed.
#The generated MAC binding list is written to a file named "mac_policy"; rename it once the script has completed.
###
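###----------------------------------------------------------------------------
###                        CONFIGURATION
###----------------------------------------------------------------------------
# Hosts are numbered start_ip..end_ip inside 192.168.<ip_n>.x.  When the host
# counter reaches 254 the generator moves on to 192.168.<ip_n + 1>.1, so
# end_ip may be larger than 253 (it is a running count, not a last octet).
start_ip=0
end_ip=10
ip_n=0

# Output files.  Both are created in the current directory under fixed names
# and are opened with ordinary redirections, which follow symbolic links.
# Run the generator from a directory that only the operator can write to,
# particularly if it is run as root.
ipt_file=iptables_policy
mac_file=mac_policy

# Print a message on stderr and stop with a failure status.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Succeed only if $1 is an integer usable as an IPv4 octet (0..255).
valid_octet() {
  [ "$1" -ge 0 ] 2>/dev/null && [ "$1" -le 255 ]
}

# Start from empty files so that '#!/bin/bash' ends up on line 1 of each.
: > "$ipt_file" || die "cannot create $ipt_file in $PWD"
: > "$mac_file" || die "cannot create $mac_file in $PWD"

###----------------------------------------------------------------------------
###                        SCRIPT    HEADER
###----------------------------------------------------------------------------
# The text below is copied verbatim into the generated scripts, so names such
# as $in_net and $speed are expanded when the generated file runs, not here.
#
# NOTE(review): in this template FORWARD's policy is ACCEPT and the first
# appended rule accepts NEW, ESTABLISHED and RELATED traffic arriving on eth0.
# Rules are evaluated in order, so the per-host limit rules and the closing
# DROP on $in_net (eth0 by default) are only reached by packets the state
# match does not accept.  Decide whether that early ACCEPT is intended before
# relying on the rate limits.  The rule also hard-codes eth0 instead of using
# $in_net, so editing in_net in the generated file does not change it.
printf '%s\n' \
  '#!/bin/bash' \
  '##############' \
  '## MTU=1500(1.464k),500/s = 150 package per  \second,' \
  '## So,500/s=730KB/s' \
  '###' \
  'in_net=eth0' \
  'out_net=eth1' \
  'speed=400' \
  '# flush iptables ' \
  'iptables -F FORWARD' \
  '' \
  'iptables -P FORWARD ACCEPT' \
  'iptables -A FORWARD -i eth0 -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT' \
  '###' \
  '#iptables [-A -I -N -E -D -Z -R -F -P ] [ -i -o -s -d -p -m -j -f ] [ACCEPT DROP ]' \
  '###' \
  >> "$ipt_file" || die "cannot write the header of $ipt_file"

printf '%s\n' \
  '#!/bin/bash' \
  '##this scrpit is add_mac_policy_program' \
  '####' \
  'in_net=eth0' \
  '###' \
  '# arp -i [interface] -s [IP][MAC] -d [IP]' \
  >> "$mac_file" || die "cannot write the header of $mac_file"

###----------------------------------------------------------------------------
###                        PROGRAM
###----------------------------------------------------------------------------

###
# Unused sketch left by the original author for admitting SSH on INPUT.  It
# is not ready to enable as written: "-P INPUT FORWARD" is not a valid chain
# policy (built-in chains take ACCEPT or DROP) and "-s" has no address.
#iptables -F INPUT
#iptables -P INPUT FORWARD
#iptables -P OUTPUT ACCEPT
#iptables -t filter -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -t filter -A INPUT -i eth1 -s -p tcp --dport 22 -j ACCEPT
##############

# One commented-out iptables rule and one commented-out arp entry per host.
# The entries are templates: the operator uncomments them in the generated
# files and appends the MAC address to each arp line.
while [ "$start_ip" -le "$end_ip" ]; do
  if [ "$start_ip" -eq 254 ]; then
    # .254 is never emitted (reserved by the original author for the SSH
    # control host); continue at .1 of the next subnet and reduce the
    # remaining count accordingly.
    ip_n=$((ip_n + 1))
    start_ip=1
    end_ip=$((end_ip - 253))
  fi

  # Refuse to emit rules for addresses that are not valid IPv4, which would
  # otherwise happen when the configuration runs past 192.168.255.x.
  if ! valid_octet "$ip_n" || ! valid_octet "$start_ip"; then
    die "192.168.$ip_n.$start_ip is not a valid address; check start_ip, end_ip and ip_n"
  fi

  # shellcheck disable=SC2016 -- $in_net and $speed must reach the file unexpanded
  printf '#iptables -A FORWARD -i $in_net   -d 192.168.%s.%s -m limit --limit $speed/s -j ACCEPT\n' \
    "$ip_n" "$start_ip" >> "$ipt_file" || die "cannot write to $ipt_file"
  # shellcheck disable=SC2016
  printf '#arp -i $in_net  -s 192.168.%s.%s \n' \
    "$ip_n" "$start_ip" >> "$mac_file" || die "cannot write to $mac_file"

  # Progress line for the operator.
  printf '#iptables -A FORWARD add 192.168.%s.%s   [OK] ; arp -i [ interface ] -s 192.168.%s.%s    [OK] \n' \
    "$ip_n" "$start_ip" "$ip_n" "$start_ip"

  start_ip=$((start_ip + 1))
done

# Closing rule of the template: drop whatever arrives on $in_net and was not
# accepted by an earlier rule.
# shellcheck disable=SC2016
printf '%s\n' 'iptables -A FORWARD -i $in_net -j DROP' >> "$ipt_file" \
  || die "cannot write to $ipt_file"

# Reached only when every write above succeeded.
echo "output succeed ,please modify iptables_policy file and mac_policy file"

######
## Make both generated scripts executable for their owner.
chmod u+x "$ipt_file" "$mac_file" || die "cannot mark the generated files executable"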

 

 

由于原脚本是用 EditPlus 编写的,上述脚本中个别缩进可能有问题。

使用时请更改脚本中的相关项。