#!/bin/bash


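# Mark P2P traffic in mangle/PREROUTING so that mark-based rules can act on it.
# Requires root and an iptables build that provides the "p2p" match.
#
# NOTE(review): -A appends a new copy of each rule on every run, so running
# this script repeatedly stacks duplicate rules in mangle/PREROUTING. Flush the
# chain or check for the rule first if the script is re-run.

# Step 1: packets recognised by the p2p match set the connection mark to 256.
# Stop here on failure (iptables has already printed the reason) so the
# restore rule below is never installed without the rule that sets the mark.
# A bare `exit` propagates the failing iptables status.
iptables -t mangle -A PREROUTING -m p2p --p2p all -j CONNMARK --set-mark 256 || exit

# Step 2: for connections whose connection mark is 256, copy that mark onto
# the packet so that `-m mark` matches and fw filters can see it.
iptables -t mangle -A PREROUTING -m connmark --mark 256 -j CONNMARK --restore-mark

# Ends the script with the status of the rule above; nothing after this line
# in the file is executed.
exit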

#iptables -A  PREROUTING -t mangle -j CONNMARK --restore-mark
#iptables -A  PREROUTING -t mangle -m mark ! --mark 0 -j ACCEPT

#iptables -A  PREROUTING -t mangle -m ipp2p --edk --kazaa --gnu --dc --bit --apple --winmx --soul --ares -j MARK --set-mark 257

#iptables -A  PREROUTING -t mangle -m mark --mark 257 -j CONNMARK --save-mark




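# Traffic-shaping and connection-limit setup for the marked traffic classes.
#
# NOTE(review): an unconditional `exit` earlier in this script stops execution
# before this section, so nothing below runs until that exit is removed.

# Work from the directory the script lives in. Quoted so a path containing
# spaces or glob characters is not split, and checked so later steps never run
# from an unexpected directory.
DIR=$(dirname -- "$0")

cd -- "$DIR" || exit 1

# The config file is sourced, i.e. executed as shell code with the privileges
# of this script (tc and iptables need root). Keep it owned by root and not
# writable by any other user.
CONFIG=/ips/setup/.config
if [[ ! -r "$CONFIG" ]]; then
  printf '%s: cannot read %s\n' "${0##*/}" "$CONFIG" >&2
  exit 1
fi
# shellcheck source=/dev/null
. "$CONFIG"

# ANYDEV and OURDEV are not defined in this script; presumably the config sets
# them. Abort rather than hand empty device names to tc.
DEVOUT=${ANYDEV:?not set by $CONFIG}
DEVIN=${OURDEV:?not set by $CONFIG}

# NOTE(review): the active PREROUTING rules in this script only ever set mark
# 256; 257 appears only in the commented-out ipp2p rule. Unless something else
# sets mark 257, the 257 filters and limit below match nothing.
for I in 256 257; do

  # Disabled alternative kept from the original:
  #tc replace filter add dev ${DEVIN} parent 10: prio 10 protocol ip u32 \
  #match ip dst ${SUBNET}${I}/32 \
  #flowid 10:${I}

  # Prints a blank line per iteration (kept from the original).
  echo

  # -> .qos
  # fw filters classify on the packet mark: packets marked I are steered to
  # class 10:I on DEVIN and 20:I on DEVOUT. Failures (for example a filter
  # that already exists) are not treated as fatal, as in the original.
  tc filter add dev "${DEVIN}" protocol ip parent 10: prio 4 \
    handle "${I}" fw \
    flowid "10:${I}"

  tc filter add dev "${DEVOUT}" protocol ip parent 20: prio 1 \
    handle "${I}" fw \
    classid "20:${I}"

  # -> .xyz
  # Reject new TCP connections (SYN) carrying mark I once connlimit counts
  # more than 100 existing connections; with no --connlimit-mask given the
  # count is per source address. -I inserts at the top of FORWARD, so every
  # run adds another copy of the rule ahead of the existing ones.
  iptables -I FORWARD -p tcp --syn -m mark --mark "${I}" \
    -m connlimit --connlimit-above 100 -j REJECT

  #classid 10:${I}

done

# Exits with the status of the last command run in the loop.
exit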
 

