Bandwidth Limiting

I used a simple netfilter script to temporarily limit the bandwidth of my home server to test loading the pages over low-bandwidth connections.

#! /bin/bash -v
IF=ens33

iptables -F -t mangle
tc qdisc del dev $IF root

if [[ "$1" == "off" ]]
then
echo "Bandwidth Limit turned off"
exit
fi

tc qdisc add dev $IF root handle 1:0 htb default 0
tc class add dev $IF parent 1:0 classid 1:10 htb rate 10kbps ceil 10kbps prio 0
iptables -t mangle -A POSTROUTING -p tcp -j MARK --set-mark 10
tc filter add dev $IF parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10

The script adds a queuing discipline and a class, together with a filter on marked packets. iptables marks the packets of interest. It worked perfectly for some time, but now I noticed that it doesn't!

What happened? Well, it took a considerable amount of time to find the reason: it is simply IPv6, which silently invaded my network through updates and upgrades over time!

The calls to iptables and tc only apply to IPv4 packets! To extend this to IPv6, you need to add the mark rule with ip6tables as well, and add a second tc filter with protocol ipv6.

So the final script looks like this:

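#! /bin/bash -v
IF=ens33

# Reset: flush the mangle table for both IPv4 and IPv6, remove the root qdisc
iptables -F -t mangle
ip6tables -F -t mangle
tc qdisc del dev $IF root

if [[ "$1" == "off" ]]
then
echo "Bandwidth Limit turned off"
exit
fi

# HTB root qdisc; unmarked traffic (default 0) is not shaped
tc qdisc add dev $IF root handle 1:0 htb default 0
# Note: in tc, "kbps" means kilobytes per second ("kbit" is kilobits)
tc class add dev $IF parent 1:0 classid 1:10 htb rate 10kbps ceil 10kbps prio 0
# Mark outgoing TCP packets, once per address family
iptables -t mangle -A POSTROUTING -p tcp -j MARK --set-mark 10
ip6tables -t mangle -A POSTROUTING -p tcp -j MARK --set-mark 10
# Send packets with firewall mark 10 to class 1:10, once per protocol
tc filter add dev $IF parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
tc filter add dev $IF parent 1:0 prio 0 protocol ipv6 handle 10 fw flowid 1:10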

You see two additional calls, one to ip6tables and one to tc, that mark and classify the IPv6 packets, and now it works for both IPv4 and IPv6.
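
The same IPv4-only gap affects any iptables rule set, not just this shaping setup. As an added example (not part of the original script), the check below lists rules found in an iptables-save dump that have no identical counterpart in the ip6tables-save dump; the function names and the sample dumps are constructed for illustration.

```bash
#!/bin/bash
# Added example: report rules that an iptables-save dump contains but the
# ip6tables-save dump lacks. Function names and sample data are constructed.

# Print "table: rule" for every -A rule in $1 (IPv4) that is absent from $2 (IPv6).
v4_only_rules() {
    awk -v v6dump="$2" '
        BEGIN {
            # Index the IPv6 rules as "table rule" keys.
            while ((getline line < v6dump) > 0) {
                if (line ~ /^\*/)  table = substr(line, 2)
                if (line ~ /^-A /) seen[table " " line] = 1
            }
            close(v6dump)
            table = ""
        }
        /^\*/  { table = substr($0, 2); next }    # "*mangle" opens a table
        /^-A / { key = table " " $0; if (!(key in seen)) print table ": " $0 }
    ' "$1"
}

# Constructed sample: the state the first script leaves behind (mark rule for IPv4 only).
write_sample_dumps() {
    cat > "$1/v4.rules" <<'EOF'
*mangle
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p tcp -j MARK --set-xmark 0xa/0xffffffff
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
    cat > "$1/v6.rules" <<'EOF'
*mangle
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

demo_dir=$(mktemp -d)
write_sample_dumps "$demo_dir"
v4_only_rules "$demo_dir/v4.rules" "$demo_dir/v6.rules"
rm -rf "$demo_dir"
```

On a live host, produce the two dumps with iptables-save and ip6tables-save (as root). Rules that match on IPv4 addresses will always be reported and need a manually written IPv6 equivalent.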