This is a script I use to throttle one machine down to half our ADSL rate. This machine is used for downloading large files (for example .iso's of the latest LinuxDistribution), but we don't want it impacting the rest of our machines. This example was stolen from the Advanced Router HOWTO, and cleaned up a bit by me. 

  

 You run this script on your gateway rate limiting data to your internal client machine(s). 

  

  #!/bin/sh 

  

  # The device data is going *out* of. You can't stop a machine recieving data (short of firewalling) 

  # But you can limit how fast it *sends* data. 

  DEV=eth0 

  

  IP=10.10.10.13 

  

  # How fast your internal network is. This is used to estimate the rates more accurately. If this 

  # is wrong then the rate will be out by a little bit or something. 

  LINERATE=100mbit 

  

  # Where the tc executable is. 

  TC=/sbin/tc 

  

  echo Cant find $TC, aborting 

  exit 1 

  fi 

  

  # around this is to change the hash function frequently so that this effect is reduced. However 

  # doing this too often makes your rate limiting less accurate, doing it too rarely means that 

  # data is incorrectly classified as above, so we tell the kernel to change the hash every 10s. 

  $TC qdisc add dev $DEV parent 1:1 sfq perturb 10 

  

 Hopefully this is enough to get people started, please, if you know anything more add it to this page. I found the advanced router howto very oblique in it's information. 

  

 ---- 

 Some points to remember: 

 !!Outgoing interface 

  

 Notes: 

 This will not work with masquerading 

 The network connection can still get easily saturated 

  #!/bin/sh 

  # List of IPs to have upload throttled 

  IPS=`seq 114 117 | awk '{print "1.2.3."$1}'` 

  

  match ip src $IP flowid 1:$LASTTHING 

  

  tc qdisc add dev ppp0 parent 1:$LASTTHING sfq perturb 10 

  done; 

 ---- 

 After a bit of fiddling I've managed to get TrafficShaping working on a per protocol (read port) basis 

  

 as per below 

 started to go critical because of the latency introduced, so we needed to differentiate between different 

 ports and protocols 

  

 so I ended up with this script 

  #!/bin/sh 

  

  DEV=eth0 

  

  echo "---- Class parameters Ingress ----------" 

  $TC class ls dev $DEV 

  echo "---- filter parameters Ingress ----------" 

  $TC filter ls dev $DEV 

 ''note that sport and protocols require 2 operands, the port/protocol number and a mask'' 

  

  

 ---- 

  

 It is possible to perform ingress shaping using a similar process. Your version of tc has to have ingress support compiled in - it appears that some RedHat versions may not have this. 

  

 The following script will limit traffic from source port 80 (ie, the return-path from a web connection) to 100kbit. It applies these rules on ppp0, which is my external interface. 

  #!/bin/sh 

  

  TC=/sbin/tc 

  IPTABLES=/sbin/iptables 

  $TC qdisc add dev $DEV handle FFFF: ingress 

  # apply the actual filter. 

  $TC filter add dev $DEV parent ffff: protocol ip prio 50 handle 1 fw \ 

  police rate $THROTTLE burst $BURST mtu $MTU drop flowid :1 

  

 If I look at the output of wget, its reasonably good at limiting a port 80 download to 10 - 12k/second, which is about right for what we asked. If i look at my ppp0 usage meter in gkrellm, it seems to be using more bandwidth than it should - spends a lot of time at 16 or 17 K/s incoming. Running iptraf on ppp0, in detailed statistics mode, shows that my incoming rate seems to be about 100kbit/sec, although it tends to be a bit higher than this normally. I also tested, and verified, that traffic not caught by the above script - eg, FTP traffic, still obtained full rate