traffic shaping with tc on Linux 5.4.x

Linux Advanced Routing and Traffic Control


 



Greetings.  I asked elsewhere but have been informed that this list
(Linux Advanced Routing and Traffic Control (LARTC)) is the place to ask
about traffic shaping on Linux with tc.

The goal of the rules below is to give top priority to SSH, next
priority to HTTP/HTTPS, third priority to everything else, and, then,
with what's left over give something to IPFS.  General tips and
corrections also welcome, especially about nft instead of iptables.

My question is, given the rules below, and if they are otherwise
correct, how would I further subdivide the SSH queue so that interactive
sessions are prioritized over bulk transfers?

Regards,
Lars

---

#!/bin/sh

PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin

if=wlp1s0

# remove existing qdiscs, classes, and filters from interface
tc qdisc del dev $if ingress
tc qdisc del dev $if root

# default class for unclassified traffic
tc qdisc replace dev $if root handle 1: htb default 30

# top level class with handle 1:1
tc class add dev $if parent 1: classid 1:1 htb rate 800kbit

# Class 1:10 is highest priority, SSH/SFTP
# Class 1:20 is next highest priority, HTTP/HTTPS
# Class 1:30 is next lowest priority, default traffic
# Class 1:40 is lowest priority but highest bandwidth, IPFS

tc class add dev $if parent 1:1 classid 1:10 htb rate 1mbit \
	ceil 200kbit prio 1
tc class add dev $if parent 1:1 classid 1:20 htb rate 1mbit \
	ceil 100kbit prio 2
tc class add dev $if parent 1:1 classid 1:30 htb rate 1mbit \
	ceil 100kbit prio 3
tc class add dev $if parent 1:1 classid 1:40 htb rate 1mbit \
	ceil 400kbit prio 4

# leaf qdisc to each child class
tc qdisc add dev $if parent 1:10 fq_codel
tc qdisc add dev $if parent 1:20 fq_codel
tc qdisc add dev $if parent 1:30 fq_codel
tc qdisc add dev $if parent 1:40 fq_codel

# add filters to prioritize traffic
tc filter add dev $if parent 1: handle 100 fw classid 1:10
tc filter add dev $if parent 1: handle 200 fw classid 1:20
tc filter add dev $if parent 1: handle 400 fw classid 1:40

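# label outgoing traffic
# reset the mangle table, which holds the MARK rules added below
# (without -t, iptables acts on the filter table instead)
iptables -t mangle -Z; # zero counters
iptables -t mangle -F; # flush (delete) rules
iptables -t mangle -X; # delete all extra chains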

iptables -t mangle -A OUTPUT -p tcp --match multiport \
	--sports 22 -j MARK --set-mark 100
iptables -t mangle -A OUTPUT -p tcp --match multiport \
	--sports 80,443 -j MARK --set-mark 200
iptables -t mangle -A OUTPUT -p tcp --match multiport \
	--sports 4001 -j MARK --set-mark 400
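
Added example, not part of the original post: a small checker that reads "tc class add" lines and reports HTB classes whose ceil is below their rate, or whose children's guaranteed rates add up to more than the parent's rate. The sample input is the class lines from the script above with continuations joined; the function name check_htb is hypothetical, and only bit-based units (bit, kbit, mbit, gbit) are handled.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an HTB class tree.

# Constructed sample: the "tc class add" lines from the script above,
# with the backslash continuations joined onto one line each.
SAMPLE='tc class add dev $if parent 1: classid 1:1 htb rate 800kbit
tc class add dev $if parent 1:1 classid 1:10 htb rate 1mbit ceil 200kbit prio 1
tc class add dev $if parent 1:1 classid 1:20 htb rate 1mbit ceil 100kbit prio 2
tc class add dev $if parent 1:1 classid 1:30 htb rate 1mbit ceil 100kbit prio 3
tc class add dev $if parent 1:1 classid 1:40 htb rate 1mbit ceil 400kbit prio 4'

# check_htb (hypothetical name): read "tc class add" lines on stdin and
# print one finding per line; no output means both checks passed.
check_htb() {
    awk '
    # Convert a tc rate such as 800kbit or 1mbit to bits per second.
    function bps(s,  v) {
        v = s + 0                        # leading number
        if (s ~ /gbit$/) return v * 1000000000
        if (s ~ /mbit$/) return v * 1000000
        if (s ~ /kbit$/) return v * 1000
        return v                         # "bit" or a bare number
    }
    $1 == "tc" && $2 == "class" {
        id = par = ""; rate = ceil = 0
        for (i = 3; i < NF; i++) {
            if ($i == "classid") id = $(i + 1)
            if ($i == "parent")  par = $(i + 1)
            if ($i == "rate")    rate = bps($(i + 1))
            if ($i == "ceil")    ceil = bps($(i + 1))
        }
        if (ceil == 0) ceil = rate       # tc defaults ceil to rate
        if (ceil < rate) printf "%s: ceil %d < rate %d\n", id, ceil, rate
        own[id] = rate; sum[par] += rate; order[++cnt] = id
    }
    END {
        # Compare each class rate with the total guaranteed to its children.
        for (k = 1; k <= cnt; k++) {
            id = order[k]
            if (sum[id] > own[id])
                printf "%s: children rates %d > own rate %d\n", id, sum[id], own[id]
        }
    }'
}

printf '%s\n' "$SAMPLE" | check_htb
```
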




