├── README.md
├── dnsmasq.conf-ipv4..
    └── dnsmasq.conf
├── dnsmasq.conf-ipv6
    └── dnsmasq.conf
├── DSCP-ipv4.sh
└── DSCP-ipv6.sh

/README.md:
--------------------------------------------------------------------------------
# Ultimate-SQM-settings-Layer_cake-DSCP-marks-New-Script

**Documentation is needed!!!**
--------------------------------------------------------------------------------
/dnsmasq.conf-ipv4../dnsmasq.conf:
--------------------------------------------------------------------------------
##Latency Sensitive (gaming/voip)
ipset=/igamecj.com/gcloudcs.com/qos.gcloud.qq.com/latsens

##video/audio streams
# Youtube is also isolated by my isp
ipset=/googlevideo.com/*.googlevideo.com/streaming
# NetFlix
ipset=/nflxvideo.net/streaming
# AmazonVideo
ipset=/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/streaming
# Facebook
ipset=/fbcdn.net/streaming
# Twitch
ipset=/ttvnw.net/streaming
# VeVo
ipset=/vevo.com/streaming
# Spotify
ipset=/audio-fa.scdn.co/streaming
# Deezer
ipset=/deezer.com/streaming
# SoundCloud
ipset=/sndcdn.com/streaming
# last.fm
ipset=/last.fm/streaming
#reddit videos
ipset=/v.redd.it/streaming
#twitch.tv
ipset=/ttvnw.net/streaming

## I have isolated speed for those CDNs
ipset=/googletagmanager.com/googleusercontent.com/*.googleusercontent.com/google.com/fbcdn.net/*.fbcdn.net/akamaihd.net/*.akamaihd.net/whatsapp.net/*.whatsapp.net/whatsapp.com/*.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/*.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn

## Bulk downloads
#qq download
ipset=/download.qq.com/bulk
# Steam Download
ipset=/steamcontent.com/bulk
# PSN Download
ipset=/gs2.ww.prod.dl.playstation.net/bulk
# DropBox
ipset=/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk
# Google Drive
ipset=/drive.google.com/drive-thirdparty.googleusercontent.com/bulk
# Google Docs
ipset=/docs.google.com/docs.googleusercontent.com/bulk
# PlayStore Download
ipset=/gvt1.com/bulk
# WhatsApp Files
ipset=/mmg-fna.whatsapp.net/bulk
# Youtube Upload
ipset=/upload.youtube.com/upload.video.google.com/bulk
# WindowsUpdate
ipset=/windowsupdate.com/update.microsoft.com/bulk
--------------------------------------------------------------------------------
/dnsmasq.conf-ipv6/dnsmasq.conf:
--------------------------------------------------------------------------------
##Latency Sensitive (gaming/voip)
ipset=/igamecj.com/gcloudcs.com/qos.gcloud.qq.com/latsens,latsens6

##video/audio streams
# Youtube is also isolated by my isp
ipset=/googlevideo.com/*.googlevideo.com/streaming,streaming6
# NetFlix
ipset=/nflxvideo.net/streaming,streaming6
# AmazonVideo
ipset=/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/streaming,streaming6
# Facebook
ipset=/fbcdn.net/streaming,streaming6
# Twitch
ipset=/ttvnw.net/streaming,streaming6
# VeVo
ipset=/vevo.com/streaming,streaming6
# Spotify
ipset=/audio-fa.scdn.co/streaming,streaming6
# Deezer
ipset=/deezer.com/streaming,streaming6
# SoundCloud
ipset=/sndcdn.com/streaming,streaming6
# last.fm
ipset=/last.fm/streaming,streaming6
#reddit videos
ipset=/v.redd.it/streaming,streaming6
#twitch.tv
ipset=/ttvnw.net/streaming,streaming6

## I have isolated speed for those CDNs
ipset=/googletagmanager.com/googleusercontent.com/*.googleusercontent.com/google.com/fbcdn.net/*.fbcdn.net/akamaihd.net/*.akamaihd.net/whatsapp.net/*.whatsapp.net/whatsapp.com/*.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/*.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn,usrcdn6

## Bulk downloads
#qq download
ipset=/download.qq.com/bulk,bulk6
# Steam Download
ipset=/steamcontent.com/bulk,bulk6
# PSN Download
ipset=/gs2.ww.prod.dl.playstation.net/bulk,bulk6
# DropBox
ipset=/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk,bulk6
# Google Drive
ipset=/drive.google.com/drive-thirdparty.googleusercontent.com/bulk,bulk6
# Google Docs
ipset=/docs.google.com/docs.googleusercontent.com/bulk,bulk6
# PlayStore Download
ipset=/gvt1.com/bulk,bulk6
# WhatsApp Files
ipset=/mmg-fna.whatsapp.net/bulk,bulk6
# Youtube Upload
ipset=/upload.youtube.com/upload.video.google.com/bulk,bulk6
# WindowsUpdate
ipset=/windowsupdate.com/update.microsoft.com/bulk,bulk6
--------------------------------------------------------------------------------
/DSCP-ipv4.sh:
--------------------------------------------------------------------------------
#!/bin/bash -x
IPT="iptables"
##########
#Veth start
##########
WANIF="pppoe-wan" #wan interface

tc qdisc add dev wlan0 root mq #setup multi queue for wifi device
## set up veth devices to handle inbound and outbound traffic
ip link show | grep veth0 || ip link add type veth

## get new veth interfaces up
ip link set veth0 up
ip link set veth1 up

## turn on promisc mode, sometimes it's needed to make the bridge work
ip link set veth1 promisc on

## add veth1 to bridge
brctl addif br-lan veth1

## just to make sure there's nothing inside this table
ip rule del priority 100
ip route flush table 100

## add routing for veth0, this will handle all traffic
ip route add default dev veth0 table 100
ip rule add iif "$WANIF" table 100 priority 100
#########
#Veth end
#########
## ipsets for streaming sites; they are filled by dnsmasq
ipset create streaming hash:ip
ipset create usrcdn hash:ip
ipset create bulk hash:ip
ipset create latsens hash:ip

$IPT -t mangle -N dscp_mark > /dev/null 2>&1
$IPT -t mangle -F dscp_mark
## check whether POSTROUTING already jumps to our chain; if not, add the jump

$IPT -t mangle -L POSTROUTING -n | grep dscp_mark || $IPT -t mangle -A POSTROUTING -j dscp_mark

## append a rule to the dscp_mark chain of the mangle table
iptmark() {
    $IPT -t mangle -A dscp_mark "$@"
}

# Example: how to limit video to 200 kB/s in case you're on quota ( 4G/LTE )
# first clean all :
#iptables -F forwarding_rule
#iptables -A forwarding_rule -m set --match-set vidstream src -m hashlimit --hashlimit-mode srcip,dstip --hashlimit-name "videolimit" --hashlimit-above 200kb/s -j DROP
#iptables -A forwarding_rule -s 64.18.0.0/20,64.233.160.0/19,66.102.0.0/20,66.249.80.0/20,72.14.192.0/18,74.125.0.0/16,173.194.0.0/16,207.126.144.0/20,209.85.128.0/17,216.58.208.0/20,216.239.32.0/19 -m hashlimit --hashlimit-mode srcip,dstip --hashlimit-name "videolimit" --hashlimit-above 200kb/s -j DROP

## start by washing the dscp to CS0

iptmark -j DSCP --set-dscp 0

#A robust 2 rules to detect realtime traffic

# mark connections that go over 115 packets per second, not prioritized
iptmark -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 115/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"

# unmarked UDP streams with small packets get CS6
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes 0:940 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"

#large udp streams like video call get AF41
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes 940:1500 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class AF41 -m comment --comment "large udp connection gets AF41"

########################################
# Latency Sensitive (gaming/voip)
########################################
##ICMP, to prioritize pings
iptmark -p icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP-pings"

#DNS traffic both udp and tcp
iptmark -p udp -m multiport --port 53,5353,8888 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS udp"
iptmark -p tcp -m multiport --port 53,5353,8888 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS tcp"

#NTP
iptmark -p udp -m multiport --port 123 -j DSCP --set-dscp-class CS6 -m comment --comment "NTP udp"

#High priority ipset, I use for pubgM
iptmark ! -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset,udp

iptmark -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS5 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset

########
##Browsing
########
## medium priority for browsing
iptmark -p tcp -m multiport --ports 80,443,8080 -j DSCP --set-dscp-class CS3 -m comment --comment "Browsing at CS3"

##################
#TCP SYN,ACK flows
##################
#Make sure ACK,SYN packets get priority (to avoid upload speed limiting our download speed)
iptmark -p tcp --tcp-flags ALL ACK -m length --length :128 -j DSCP --set-dscp-class CS3
iptmark -p tcp --tcp-flags ALL SYN -m length --length :666 -j DSCP --set-dscp-class CS3

#Small packet is probably interactive or flow control
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m length --length 0:500 -j DSCP --set-dscp-class CS3

#Small packet connections: multi purpose (don't harm since not maxed out)
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS3


########################################
# Streaming Media (videos/audios)
########################################
#Known video stream sites like netflix
iptmark -m set --match-set streaming src,dst -j DSCP --set-dscp-class AF41 -m comment --comment "video audio stream ipset"

# some iptv providers use this port
iptmark -p tcp -m multiport --ports 1935,9982 -j DSCP --set-dscp-class AF41 -m comment --comment "some iptv streaming service"

#known usrcdn like google or akamai

iptmark -m set --match-set usrcdn src,dst -j DSCP --set-dscp-class AF21 -m comment --comment "usrcdn ipset"

#########################################
# Background Traffic (Bulk/file transfer)
#########################################
#bulk traffic ipset, like windows updates and steam updates/downloads
iptmark -p tcp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p udp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS0 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS0 to CS1 for bulk tcp traffic"
iptmark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS3 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS3 to CS1 for bulk tcp traffic"
iptmark -p udp -m multiport --port 60001 -j DSCP --set-dscp-class CS1 -m comment --comment "bulk torrent port UDP"


#tcpdump rule, copy and paste this rule into terminal, this rule is used to capture realtime traffic, you can change ip to what you like
#tcpdump -i br-lan host 192.168.1.126 and udp and portrange 1-65535 and !port 53 and ! port 80 and ! port 443 -vv -X -w /root/cap-name.p
--------------------------------------------------------------------------------
/DSCP-ipv6.sh:
--------------------------------------------------------------------------------
#!/bin/bash -x
IPT="iptables"
IPT6="ip6tables"
###########
#Veth start
###########
WANIF="pppoe-wan" #wan interface name

tc qdisc add dev wlan0 root mq #setup multi queue for wifi device
## set up veth devices to handle inbound and outbound traffic
ip link show | grep veth0 || ip link add type veth

## get new veth interfaces up
ip link set veth0 up
ip link set veth1 up

## turn on promisc mode, sometimes it's needed to make the bridge work
ip link set veth1 promisc on

## add veth1 to bridge
brctl addif br-lan veth1

## just to make sure there's nothing inside this table
ip rule del priority 100
ip route flush table 100

## add routing for veth0, this will handle all traffic
ip route add default dev veth0 table 100
ip rule add iif "$WANIF" table 100 priority 100
#########
#Veth end
#########

## ipsets for streaming sites; they are filled by dnsmasq
ipset create streaming hash:ip
ipset create streaming6 hash:ip family inet6

ipset create usrcdn hash:ip
ipset create usrcdn6 hash:ip family inet6

ipset create bulk hash:ip
ipset create bulk6 hash:ip family inet6

ipset create latsens hash:ip
ipset create latsens6 hash:ip family inet6

$IPT -t mangle -N dscp_mark > /dev/null 2>&1
$IPT6 -t mangle -N dscp_mark > /dev/null 2>&1

$IPT -t mangle -F dscp_mark
$IPT6 -t mangle -F dscp_mark

## check whether POSTROUTING already jumps to our chain; if not, add the jump

$IPT -t mangle -L POSTROUTING -n | grep dscp_mark || $IPT -t mangle -A POSTROUTING -j dscp_mark

$IPT6 -t mangle -L POSTROUTING -n | grep dscp_mark || $IPT6 -t mangle -A POSTROUTING -j dscp_mark

## append a rule to the IPv4 dscp_mark chain of the mangle table
iptmark() {
    $IPT -t mangle -A dscp_mark "$@"
}

## append a rule to the IPv6 dscp_mark chain of the mangle table
ipt6mark() {
    $IPT6 -t mangle -A dscp_mark "$@"
}

## start by washing the dscp to CS0

iptmark -j DSCP --set-dscp 0
ipt6mark -j DSCP --set-dscp 0

#A robust 2 rules to detect realtime traffic

# mark connections that go over 115 packets per second, not prioritized
iptmark -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 115/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"

ipt6mark -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 115/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp6"

# unmarked UDP streams with small packets get CS6
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes 0:940 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"

ipt6mark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes 0:940 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp6 connection gets CS6"

#large udp streams like video call get AF41
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes 940:1500 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class AF41 -m comment --comment "large udp connection gets AF41"

ipt6mark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes 940:1500 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class AF41 -m comment --comment "large udp6 connection gets AF41"

########################################
# Latency Sensitive (gaming/voip)
########################################
##ICMP, to prioritize pings (in ip6tables the ICMPv6 protocol is named ipv6-icmp)
iptmark -p icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP-pings"
ipt6mark -p ipv6-icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP6-pings"

#DNS traffic both udp and tcp
iptmark -p udp -m multiport --port 53,5353,8888 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS udp"
ipt6mark -p udp -m multiport --port 53,5353,8888 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS udp6"

iptmark -p tcp -m multiport --port 53,5353,8888 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS tcp"
ipt6mark -p tcp -m multiport --port 53,5353,8888 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS tcp6"

#NTP
iptmark -p udp -m multiport --port 123 -j DSCP --set-dscp-class CS6 -m comment --comment "NTP udp"
ipt6mark -p udp -m multiport --port 123 -j DSCP --set-dscp-class CS6 -m comment --comment "NTP6 udp"

#High priority ipset, I use for pubgM
iptmark ! -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset,udp
ipt6mark ! -p tcp -m set --match-set latsens6 src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset6" ## set dscp tag for Latency Sensitive (latsens) ipset,udp

iptmark -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS5 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset
ipt6mark -p tcp -m set --match-set latsens6 src,dst -j DSCP --set-dscp-class CS5 -m comment --comment "latency sensitive ipset6" ## set dscp tag for Latency Sensitive (latsens) ipset

###########
##Browsing
###########
## medium priority for browsing
iptmark -p tcp -m multiport --ports 80,443,8080 -j DSCP --set-dscp-class CS3 -m comment --comment "Browsing at CS3"

ipt6mark -p tcp -m multiport --ports 80,443,8080 -j DSCP --set-dscp-class CS3 -m comment --comment "Browsing6 at CS3"
##################
#TCP SYN,ACK flows
##################
#Make sure ACK,SYN packets get priority (to avoid upload speed limiting our download speed)
iptmark -p tcp --tcp-flags ALL ACK -m length --length :128 -j DSCP --set-dscp-class CS3
ipt6mark -p tcp --tcp-flags ALL ACK -m length --length :128 -j DSCP --set-dscp-class CS3

iptmark -p tcp --tcp-flags ALL SYN -m length --length :666 -j DSCP --set-dscp-class CS3
ipt6mark -p tcp --tcp-flags ALL SYN -m length --length :666 -j DSCP --set-dscp-class CS3

#Small packet is probably interactive or flow control
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m length --length 0:500 -j DSCP --set-dscp-class CS3
ipt6mark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m length --length 0:500 -j DSCP --set-dscp-class CS3

#Small packet connections: multi purpose (don't harm since not maxed out)
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS3
ipt6mark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS3

########################################
# Streaming Media (videos/audios)
########################################
#Known video stream sites like netflix
iptmark -m set --match-set streaming src,dst -j DSCP --set-dscp-class AF41 -m comment --comment "video audio stream ipset"
ipt6mark -m set --match-set streaming6 src,dst -j DSCP --set-dscp-class AF41 -m comment --comment "video audio stream ipset6"

# some iptv providers use this port
iptmark -p tcp -m multiport --ports 1935,9982 -j DSCP --set-dscp-class AF41 -m comment --comment "some iptv streaming service"
ipt6mark -p tcp -m multiport --ports 1935,9982 -j DSCP --set-dscp-class AF41 -m comment --comment "some iptv streaming service6"

#known usrcdn like google or akamai
iptmark -m set --match-set usrcdn src,dst -j DSCP --set-dscp-class AF21 -m comment --comment "usrcdn ipset"
ipt6mark -m set --match-set usrcdn6 src,dst -j DSCP --set-dscp-class AF21 -m comment --comment "usrcdn ipset6"

#########################################
# Background Traffic (Bulk/file transfer)
#########################################
#bulk traffic ipset, like windows updates and steam updates/downloads
iptmark -p tcp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
ipt6mark -p tcp -m set --match-set bulk6 src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset6"

iptmark -p udp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
ipt6mark -p udp -m set --match-set bulk6 src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset6"

iptmark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS0 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS0 to CS1 for bulk tcp traffic"
ipt6mark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS0 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS0 to CS1 for bulk tcp traffic6"

iptmark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS3 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS3 to CS1 for bulk tcp traffic"
ipt6mark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS3 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS3 to CS1 for bulk tcp traffic6"

iptmark -p udp -m multiport --port 60001 -j DSCP --set-dscp-class CS1 -m comment --comment "bulk torrent port UDP"
ipt6mark -p udp -m multiport --port 60001 -j DSCP --set-dscp-class CS1 -m comment --comment "bulk torrent port UDP6"

#tcpdump rule, copy and paste this rule into terminal, this rule is used to capture realtime traffic, you can change ip to what you like
#tcpdump -i br-lan host 192.168.1.126 and udp and portrange 1-65535 and !port 53
--------------------------------------------------------------------------------