Please explain why this happens; the databases are clean. Everything seems fine, but... we observe the following picture:
Code:
ipset -A allowhosts 10.15.21.118
ipset -A banhosts 10.15.21.118
ipset -A allowhosts 178.214.224.27
ipset -A banhosts 178.214.224.27
tc class del dev vlan3003 parent 1:2 classid 1:1535
tc class add dev vlan3003 parent 1:2 classid 1:1535 htb rate 200Kbit ceil 95000Kbit burst 512k prio 1
tc qdisc add dev vlan3003 parent 1:1535 handle 1535: sfq perturb 10 quantum 1500
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:76 match ip dst 10.15.21.118 flowid 1:1535
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:76 match ip src 10.15.21.118 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht D6:1B match ip dst 178.214.224.27 flowid 1:1535
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht D6:1B match ip src 178.214.224.27 police rate 4mbit burst 500kb drop flowid :1
delete =|ipset -D allowhosts 10.15.21.118|sh /usr/tc_delfilters vlan3003 12 af1576|ipset -D allowhosts 178.214.224.27|sh /usr/tc_delfilters vlan3003 12 b2d6e01b|sh /usr/tc_delrules vlan3003 12 1:1535|
commands:
Further down in the log:
Code:
ipset -A allowhosts 10.15.21.118
ipset -A banhosts 10.15.21.118
ipset -A allowhosts 178.214.224.27
ipset -A banhosts 178.214.224.27
tc class del dev vlan3003 parent 1:2 classid 1:1535
tc class add dev vlan3003 parent 1:2 classid 1:1535 htb rate 200Kbit ceil 95000Kbit burst 512k prio 1
tc qdisc add dev vlan3003 parent 1:1535 handle 1535: sfq perturb 10 quantum 1500
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:76 match ip dst 10.15.21.118 flowid 1:1535
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:76 match ip src 10.15.21.118 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht D6:1B match ip dst 178.214.224.27 flowid 1:1535
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht D6:1B match ip src 178.214.224.27 police rate 4mbit burst 500kb drop flowid :1
delete =|ipset -D allowhosts 10.15.21.118|sh /usr/tc_delfilters vlan3003 12 af1576|ipset -D allowhosts 178.214.224.27|sh /usr/tc_delfilters vlan3003 12 b2d6e01b|sh /usr/tc_delrules vlan3003 12 1:1535|
commands:
And further still:
Code:
ipset -A allowhosts 10.15.12.96
ipset -A banhosts 10.15.12.96
ipset -A allowhosts 10.15.12.97
ipset -A banhosts 10.15.12.97
ipset -A allowhosts 10.15.12.98
ipset -A banhosts 10.15.12.98
ipset -A allowhosts 10.15.12.99
ipset -A banhosts 10.15.12.99
ipset -A allowhosts 10.15.12.100
ipset -A banhosts 10.15.12.100
ipset -A allowhosts 10.15.12.121
ipset -A banhosts 10.15.12.121
ipset -A allowhosts 178.214.224.26
ipset -A banhosts 178.214.224.26
ipset -A allowhosts 178.214.224.27
ipset -A banhosts 178.214.224.27
ipset -A allowhosts 178.214.224.28
ipset -A banhosts 178.214.224.28
tc class del dev vlan3003 parent 1:2 classid 1:3045
tc class add dev vlan3003 parent 1:2 classid 1:3045 htb rate 200Kbit ceil 95000Kbit burst 512k prio 1
tc qdisc add dev vlan3003 parent 1:3045 handle 3045: sfq perturb 10 quantum 1500
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:60 match ip dst 10.15.12.96 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:60 match ip src 10.15.12.96 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:61 match ip dst 10.15.12.97 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:61 match ip src 10.15.12.97 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:62 match ip dst 10.15.12.98 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:62 match ip src 10.15.12.98 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:63 match ip dst 10.15.12.99 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:63 match ip src 10.15.12.99 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:64 match ip dst 10.15.12.100 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:64 match ip src 10.15.12.100 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:79 match ip dst 10.15.12.121 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:79 match ip src 10.15.12.121 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht D6:1A match ip dst 178.214.224.26 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht D6:1A match ip src 178.214.224.26 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht D6:1B match ip dst 178.214.224.27 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht D6:1B match ip src 178.214.224.27 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht D6:1C match ip dst 178.214.224.28 flowid 1:3045
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht D6:1C match ip src 178.214.224.28 police rate 4mbit burst 500kb drop flowid :1
delete =|ipset -D allowhosts 10.15.12.96|sh /usr/tc_delfilters vlan3003 12 afc60|ipset -D allowhosts 10.15.12.97|sh /usr/tc_delfilters vlan3003 12 afc61|ipset -D allowhosts 10.15.12.98|sh /usr/tc_delfilters vlan3003 12 afc62|ipset -D allowhosts 10.15.12.99|sh /usr/tc_delfilters vlan3003 12 afc63|ipset -D allowhosts 10.15.12.100|sh /usr/tc_delfilters vlan3003 12 afc64|ipset -D allowhosts 10.15.12.121|sh /usr/tc_delfilters vlan3003 12 afc79|ipset -D allowhosts 178.214.224.26|sh /usr/tc_delfilters vlan3003 12 b2d6e01a|ipset -D allowhosts 178.214.224.27|sh /usr/tc_delfilters vlan3003 12 b2d6e01b|ipset -D allowhosts 178.214.224.28|sh /usr/tc_delfilters vlan3003 12 b2d6e01c|sh /usr/tc_delrules vlan3003 12 1:3045|
commands:
Note the address 178.214.224.27: all of this results in traffic from this address being allowed through as long as allow rules exist on any one of the 3 contracts.
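
One way to find such addresses in the command log, as an added example that is not part of the original post: it parses the active (uncommented) `tc filter add` lines and reports every IP that is steered into more than one class on the same device. It assumes one HTB class per contract; the sample log is constructed in the line format quoted above, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted in the post.
SAMPLE_LOG = """\
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:76 match ip dst 10.15.21.118 flowid 1:1535
#tc filter add dev vlan3003 parent ffff: protocol ip pref 12 u32 ht F:76 match ip src 10.15.21.118 police rate 4mbit burst 500kb drop flowid :1
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht D6:1B match ip dst 178.214.224.27 flowid 1:1535
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht D6:1B match ip dst 178.214.224.27 flowid 1:1535
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht F:60 match ip dst 10.15.12.96 flowid 1:3045
tc filter add dev vlan3003 parent 1:0 protocol ip pref 12 u32 ht D6:1B match ip dst 178.214.224.27 flowid 1:3045
"""

# Matches only active filter lines; commented lines start with '#' and are skipped.
FILTER_RE = re.compile(
    r"^tc filter add dev (?P<dev>\S+) .*?"
    r"match ip (?:dst|src) (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:/\d+)?"
    r".*?\bflowid\s+(?P<flowid>\S+)"
)


def find_shared_ips(log_text):
    """Return {(dev, ip): sorted class ids} for IPs steered into more than one class.

    Assumption: each HTB class id corresponds to one contract, so an IP that
    appears under several class ids is configured on several contracts.
    """
    classes = defaultdict(set)
    for line in log_text.splitlines():
        m = FILTER_RE.match(line.strip())
        if m:
            # A set collapses repeated log blocks for the same class.
            classes[(m["dev"], m["ip"])].add(m["flowid"])
    return {key: sorted(ids) for key, ids in classes.items() if len(ids) > 1}


if __name__ == "__main__":
    for (dev, ip), ids in sorted(find_shared_ips(SAMPLE_LOG).items()):
        print(f"{ip} on {dev} is assigned to classes: {', '.join(ids)}")
```
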