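#!/bin/bash
#
# Egress shaping with HTB on one interface, plus an ipset that is meant to
# hold clients seen requesting the Tor consensus document over plain HTTP.
#
# Classes (parent 1:0):
#   1:10  default class for all traffic that carries no matching fwmark
#   1:20  fwmark 20 -> 50mbit guaranteed, may borrow up to 100mbit
#   1:30  fwmark 30 -> hard 1mbit cap
#
# The iptables rules that populate the set and apply the fwmarks are
# commented out at the bottom. Until they are enabled nothing sets mark 20
# or 30, so every packet is classified into 1:10 and the set stays empty.
#
# Scope: the tc filters use "protocol ip" and the iptables rules are IPv4,
# so IPv6 traffic is never marked and always uses the default class.
#
# Environment:
#   SHAPER_DEV  interface to shape (default: eth0)

# Abort on the first failing command so a half-applied shaping setup does
# not go unnoticed.
set -euo pipefail

readonly DEV="${SHAPER_DEV:-eth0}"

# Drop any previous root qdisc so the script can be re-run. On a fresh
# interface there is nothing to delete and tc exits non-zero; that case is
# expected and must not abort the script.
tc qdisc del dev "$DEV" root 2>/dev/null || true

tc qdisc add dev "$DEV" root handle 1:0 htb default 10

# NOTE(review): tc reads the "bps" suffix as BYTES per second, so 1gbps is
# 1 gigabyte/s (8 Gbit/s), unlike the "mbit" classes below. Kept as found;
# confirm that 1gbit was not intended.
tc class add dev "$DEV" parent 1:0 classid 1:10 htb rate 1gbps prio 0
tc class add dev "$DEV" parent 1:0 classid 1:20 htb rate 50mbit ceil 100mbit prio 0
tc class add dev "$DEV" parent 1:0 classid 1:30 htb rate 1mbit ceil 1mbit prio 0

# Map netfilter fwmark N to class 1:N.
for mark in 20 30; do
  tc filter add dev "$DEV" parent 1:0 prio 0 protocol ip \
    handle "$mark" fw flowid "1:$mark"
done

# Entries expire after 3600 seconds; -exist makes re-creation a no-op.
ipset -exist create http_abuser hash:ip timeout 3600

# ---------------------------------------------------------------------------
# Disabled rules, kept as found.
#
# Detection: add the source address of any port-80 packet containing the
# consensus request line to http_abuser. The string match is evaluated per
# packet, so treat it as a best-effort heuristic rather than a parser.
# iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string 'GET /tor/status-vote/current/consensus HTTP' -j SET --add-set http_abuser src
#
# Marking: MARK does not end rule traversal, so a packet to a listed address
# first gets mark 20 and is then re-marked 30 by the second rule.
#iptables -A OUTPUT -t mangle -p tcp --sport 443 -j MARK --set-mark 20
#iptables -A OUTPUT -t mangle -p tcp --sport 443 -m set --match-set http_abuser dst -j MARK --set-mark 30
#
# Whitelist: ACCEPT is inserted ahead of the MARK rules, so traffic to these
# destinations stays unmarked and lands in the default class 1:10.
#A=""
## A="$A 192.0.2.1" # whitelist
#for i in $A; do
#iptables -I OUTPUT -t mangle -p tcp --sport 443 --destination $i -j ACCEPT
#done
#
# When enabling any of the above: -I/-A add a new copy of the rule on every
# run, so flush the rules or guard each one with "iptables -C" first.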