I use CrashPlan as a backup service. It works and is very simple to set up, but has limited options for controlling bandwidth. In fact, if you're running it on a headless system (e.g., a fileserver of some sort), your options are effectively "too slow" and "CONSUME EVERYTHING". There is an open request to add time-based limitations to the application itself, but for now I've solved this using a very simple traffic shaping configuration. Because the learning curve for "tc" and friends is surprisingly high, I'm putting my script here in the hopes that other people might find it useful, and so that I can find it when I need to do this again someday.
```sh
#!/bin/sh

# The network device used for backups
dev=p10p1

# The remote address of the CrashPlan server
crashplan_addr=18.104.22.168

# The port
crashplan_port=443

# The rate limit.  See tc(8) for acceptable syntax.
crashplan_limit=2mbit

if [ "$1" = "enable" ]; then
	#
	# This creates and activates the traffic shaper
	# configuration.
	#
	logger -s -t ratelimit -p user.notice "enabling rate limits"
	# Start from a clean slate, then attach an HTB root qdisc
	tc qdisc del dev "$dev" root > /dev/null 2>&1
	tc qdisc add dev "$dev" root handle 1: htb
	# Class 1:10 is capped at the configured rate
	tc class add dev "$dev" parent 1: classid 1:10 htb rate "$crashplan_limit"
	# Packets carrying firewall mark 10 are sent to class 1:10
	tc filter add dev "$dev" parent 1: prio 0 protocol ip handle 10 fw flowid 1:10
	# Mark outbound CrashPlan traffic with firewall mark 10
	iptables -t mangle -A OUTPUT -d "$crashplan_addr" -p tcp --dport "$crashplan_port" -j MARK --set-mark 10
elif [ "$1" = "disable" ]; then
	#
	# This removes the traffic shaper
	# configuration.
	#
	logger -s -t ratelimit -p user.notice "disabling rate limits"
	tc qdisc del dev "$dev" root > /dev/null 2>&1
	iptables -t mangle -D OUTPUT -d "$crashplan_addr" -p tcp --dport "$crashplan_port" -j MARK --set-mark 10
elif [ "$1" = "show" ]; then
	#
	# Shows the current traffic shaper configuration.
	#
	tc qdisc show dev "$dev"
	tc class show dev "$dev"
	tc filter show dev "$dev"
	iptables -t mangle -vnL OUTPUT
fi
```
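The time-based limiting mentioned above can be driven from cron with a small wrapper around the script's `enable` and `disable` actions. This is an added example, not part of the original post; the install path, the 08:00-23:00 window and the state file are assumptions.

```shell
#!/bin/sh
# Added example: time-window wrapper for the enable/disable script above.
# Assumptions (not from the post): script path, window times, state file.
RATELIMIT=${RATELIMIT:-/usr/local/sbin/ratelimit}  # hypothetical install path
LIMIT_START=${LIMIT_START:-0800}                    # start limiting at 08:00
LIMIT_END=${LIMIT_END:-2300}                        # stop limiting at 23:00
STATE=${STATE:-/run/ratelimit.state}                # last action applied

# to_minutes HHMM -> minutes since midnight.
# Leading zeros are stripped so "08" and "09" are not parsed as octal.
to_minutes() {
	hh=${1%??}; mm=${1#??}
	echo $(( ${hh#0} * 60 + ${mm#0} ))
}

# in_window NOW START END -> exit 0 if NOW is inside [START, END).
# Handles windows that wrap past midnight (e.g. 2200-0600).
in_window() {
	now=$(to_minutes "$1"); start=$(to_minutes "$2"); end=$(to_minutes "$3")
	if [ "$start" -le "$end" ]; then
		[ "$now" -ge "$start" ] && [ "$now" -lt "$end" ]
	else
		[ "$now" -ge "$start" ] || [ "$now" -lt "$end" ]
	fi
}

# desired_action NOW -> prints "enable" or "disable"
desired_action() {
	if in_window "$1" "$LIMIT_START" "$LIMIT_END"; then
		echo enable
	else
		echo disable
	fi
}

# apply_action ACTION: call the script only when the state changes, because
# each "enable" run appends another iptables MARK rule with -A.
apply_action() {
	[ "$(cat "$STATE" 2>/dev/null)" = "$1" ] && return 0
	"$RATELIMIT" "$1" && echo "$1" > "$STATE"
}

# Cron entry (assumed wrapper name): */5 * * * * /usr/local/sbin/ratelimit-window run
if [ "${1:-}" = "run" ]; then
	apply_action "$(desired_action "$(date +%H%M)")"
fi
```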
Patch to gPXE dhcp command
Blocking VNC with iptables
VNC clients use the RFB protocol to provide virtual display capabilities. The RFB protocol, as implemented by most clients, provides very poor authentication options. While passwords are not actually sent "in the clear", it is possible to brute force them based on information available on the wire. The RFB 3 …
Linux UPnP Gateway
Like many other folks out there, I have several computers in my house connected to the outside world via a Linux box acting as a NAT gateway. I often want to use applications such as BitTorrent and Freenet, which require that a number of ports be forwarded from my external …