Set up Quality of Service (QoS) on Linux servers using iptables DSCP marking, HTB queuing, and traffic classification. This tutorial shows you how to prioritize network traffic, implement bandwidth limits, and ensure critical applications get the network resources they need for optimal performance.
Prerequisites
- Root or sudo access
- Basic understanding of networking concepts
- Active network interface
- iptables installed and configured
What this solves
Network congestion can severely impact application performance, especially for latency-sensitive services like VoIP, video conferencing, and real-time databases. This tutorial configures advanced Quality of Service (QoS) using iptables DSCP marking and Hierarchical Token Bucket (HTB) queuing to prioritize critical traffic, implement bandwidth limits, and ensure fair resource allocation across your network infrastructure.
Step-by-step configuration
Install traffic control utilities
Install the iproute2 package which provides the tc (traffic control) command for managing network queues and traffic shaping.
sudo apt update
sudo apt install -y iproute2 iptables-persistent netfilter-persistent
sudo systemctl enable netfilter-persistentCreate HTB queuing discipline
Set up the HTB root queue with a total bandwidth limit and create priority classes for different types of traffic.
# Remove existing queues
sudo tc qdisc del dev eth0 root 2>/dev/null || true
Create root HTB queue with 100Mbps total bandwidth
sudo tc qdisc add dev eth0 root handle 1: htb default 30
Create root class with total bandwidth
sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
High priority class (40% bandwidth, can burst to 80%)
sudo tc class add dev eth0 parent 1:1 classid 1:10 htb rate 40mbit ceil 80mbit prio 1
Medium priority class (40% bandwidth, can burst to 60%)
sudo tc class add dev eth0 parent 1:1 classid 1:20 htb rate 40mbit ceil 60mbit prio 2
Low priority class (20% bandwidth, can burst to 40%)
sudo tc class add dev eth0 parent 1:1 classid 1:30 htb rate 20mbit ceil 40mbit prio 3Add SFQ queuing to leaf classes
Attach Stochastic Fair Queuing (SFQ) to each class to ensure fair distribution among flows within the same priority level.
# Add SFQ to high priority class
sudo tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
Add SFQ to medium priority class
sudo tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
Add SFQ to low priority class
sudo tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10Configure iptables DSCP marking rules
Create iptables rules to mark different types of traffic with appropriate DSCP values for classification.
# Create DSCP marking chain
sudo iptables -t mangle -N QOS_MARKING
Jump to marking chain for all traffic
sudo iptables -t mangle -A OUTPUT -j QOS_MARKING
sudo iptables -t mangle -A FORWARD -j QOS_MARKING
Mark VoIP traffic (SIP, RTP) - Expedited Forwarding (EF)
sudo iptables -t mangle -A QOS_MARKING -p udp --dport 5060 -j DSCP --set-dscp-class EF
sudo iptables -t mangle -A QOS_MARKING -p udp --dport 10000:20000 -j DSCP --set-dscp-class EF
Mark video traffic - Assured Forwarding 41 (AF41)
sudo iptables -t mangle -A QOS_MARKING -p tcp --dport 1935 -j DSCP --set-dscp-class AF41
sudo iptables -t mangle -A QOS_MARKING -p udp --dport 1935 -j DSCP --set-dscp-class AF41
Mark database traffic - Assured Forwarding 31 (AF31)
sudo iptables -t mangle -A QOS_MARKING -p tcp --dport 3306 -j DSCP --set-dscp-class AF31
sudo iptables -t mangle -A QOS_MARKING -p tcp --dport 5432 -j DSCP --set-dscp-class AF31
Mark web traffic - Assured Forwarding 21 (AF21)
sudo iptables -t mangle -A QOS_MARKING -p tcp --dport 80 -j DSCP --set-dscp-class AF21
sudo iptables -t mangle -A QOS_MARKING -p tcp --dport 443 -j DSCP --set-dscp-class AF21
Mark SSH traffic - Assured Forwarding 22 (AF22)
sudo iptables -t mangle -A QOS_MARKING -p tcp --dport 22 -j DSCP --set-dscp-class AF22
Mark bulk transfer traffic - Best Effort (default)
sudo iptables -t mangle -A QOS_MARKING -p tcp --dport 21 -j DSCP --set-dscp-class BE
sudo iptables -t mangle -A QOS_MARKING -p tcp --dport 20 -j DSCP --set-dscp-class BECreate traffic classification filters
Set up tc filters to classify packets based on their DSCP markings and direct them to appropriate HTB classes.
# Filter for high priority traffic (EF, AF41)
sudo tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip tos 0xb8 0xfc flowid 1:10
sudo tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip tos 0x88 0xfc flowid 1:10
Filter for medium priority traffic (AF31, AF22)
sudo tc filter add dev eth0 parent 1: protocol ip prio 2 u32 match ip tos 0x68 0xfc flowid 1:20
sudo tc filter add dev eth0 parent 1: protocol ip prio 2 u32 match ip tos 0x50 0xfc flowid 1:20
Filter for web traffic (AF21)
sudo tc filter add dev eth0 parent 1: protocol ip prio 2 u32 match ip tos 0x48 0xfc flowid 1:20
Default filter for unmarked traffic (low priority)
sudo tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match ip dst 0.0.0.0/0 flowid 1:30Configure ingress traffic control
Set up ingress filtering to control incoming traffic rates and prevent network flooding.
# Add ingress qdisc
sudo tc qdisc add dev eth0 handle ffff: ingress
Limit total ingress rate to 80Mbps
sudo tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match u32 0 0 police rate 80mbit burst 10k drop flowid :1
Rate limit specific services
Limit HTTP/HTTPS to 50Mbps
sudo tc filter add dev eth0 parent ffff: protocol ip prio 2 u32 match ip sport 80 0xffff police rate 25mbit burst 5k drop
sudo tc filter add dev eth0 parent ffff: protocol ip prio 2 u32 match ip sport 443 0xffff police rate 25mbit burst 5k dropCreate QoS monitoring script
Create a script to monitor QoS statistics and queue performance for ongoing optimization.
#!/bin/bash
echo "=== HTB Queue Statistics ==="
tc -s class show dev eth0
echo ""
echo "=== Filter Statistics ==="
tc -s filter show dev eth0
echo ""
echo "=== Ingress Statistics ==="
tc -s qdisc show dev eth0
echo ""
echo "=== DSCP Marking Rules ==="
iptables -t mangle -L QOS_MARKING -n -v
echo ""
echo "=== Network Interface Statistics ==="
cat /proc/net/dev | grep eth0Make the monitoring script executable
Set proper permissions for the monitoring script and create a systemd timer for regular monitoring.
sudo chmod 755 /usr/local/bin/qos-monitor.sh
Test the monitoring script
sudo /usr/local/bin/qos-monitor.shSave iptables rules permanently
Ensure iptables rules persist across system reboots by saving them to the appropriate configuration files.
sudo netfilter-persistent save
sudo systemctl enable netfilter-persistentCreate QoS startup script
Create a systemd service to automatically configure traffic control rules at system startup.
[Unit]
Description=QoS Traffic Control Setup
After=network.target
Wants=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/bin/qos-setup.sh
ExecStop=/usr/local/bin/qos-teardown.sh
[Install]
WantedBy=multi-user.targetCreate QoS setup and teardown scripts
Create scripts to set up and tear down the QoS configuration for easy management.
#!/bin/bash
Interface to configure
INTERFACE="eth0"
TOTAL_BW="100mbit"
Remove existing queues
tc qdisc del dev $INTERFACE root 2>/dev/null || true
tc qdisc del dev $INTERFACE ingress 2>/dev/null || true
Create root HTB queue
tc qdisc add dev $INTERFACE root handle 1: htb default 30
tc class add dev $INTERFACE parent 1: classid 1:1 htb rate $TOTAL_BW
Create priority classes
tc class add dev $INTERFACE parent 1:1 classid 1:10 htb rate 40mbit ceil 80mbit prio 1
tc class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 40mbit ceil 60mbit prio 2
tc class add dev $INTERFACE parent 1:1 classid 1:30 htb rate 20mbit ceil 40mbit prio 3
Add SFQ to leaf classes
tc qdisc add dev $INTERFACE parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $INTERFACE parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $INTERFACE parent 1:30 handle 30: sfq perturb 10
Add filters
tc filter add dev $INTERFACE parent 1: protocol ip prio 1 u32 match ip tos 0xb8 0xfc flowid 1:10
tc filter add dev $INTERFACE parent 1: protocol ip prio 1 u32 match ip tos 0x88 0xfc flowid 1:10
tc filter add dev $INTERFACE parent 1: protocol ip prio 2 u32 match ip tos 0x68 0xfc flowid 1:20
tc filter add dev $INTERFACE parent 1: protocol ip prio 2 u32 match ip tos 0x50 0xfc flowid 1:20
tc filter add dev $INTERFACE parent 1: protocol ip prio 2 u32 match ip tos 0x48 0xfc flowid 1:20
tc filter add dev $INTERFACE parent 1: protocol ip prio 3 u32 match ip dst 0.0.0.0/0 flowid 1:30
Configure ingress
tc qdisc add dev $INTERFACE handle ffff: ingress
tc filter add dev $INTERFACE parent ffff: protocol ip prio 1 u32 match u32 0 0 police rate 80mbit burst 10k drop flowid :1
echo "QoS configuration applied successfully"Create the teardown script
Create a script to cleanly remove all QoS configurations when needed.
#!/bin/bash
INTERFACE="eth0"
Remove all traffic control rules
tc qdisc del dev $INTERFACE root 2>/dev/null || true
tc qdisc del dev $INTERFACE ingress 2>/dev/null || true
echo "QoS configuration removed successfully"Enable the QoS service
Make the scripts executable and enable the systemd service to start automatically.
sudo chmod +x /usr/local/bin/qos-setup.sh
sudo chmod +x /usr/local/bin/qos-teardown.sh
sudo systemctl enable qos-setup.service
sudo systemctl start qos-setup.service
sudo systemctl status qos-setup.serviceVerify your setup
Test the QoS configuration to ensure traffic is being classified and shaped correctly.
# Check HTB classes and statistics
sudo tc -s class show dev eth0
Check filter rules
sudo tc -s filter show dev eth0
Verify iptables DSCP marking
sudo iptables -t mangle -L QOS_MARKING -n -v
Test traffic classification with iperf3 (if available)
iperf3 -c example.com -p 80 -t 10
Monitor real-time queue statistics
watch -n 1 'tc -s class show dev eth0'Note: Replace eth0 with your actual network interface name. Use
ip link show to list available interfaces.Monitor and validate QoS performance
Set up continuous monitoring
Create a monitoring solution to track QoS performance and identify optimization opportunities.
# Create log directory for QoS metrics
sudo mkdir -p /var/log/qos
Create monitoring cron job
echo "/5 * root /usr/local/bin/qos-monitor.sh >> /var/log/qos/qos-stats.log 2>&1" | sudo tee -a /etc/crontab
Restart cron service
sudo systemctl restart cron || sudo systemctl restart crondConfigure DSCP validation script
Create a script to test and validate DSCP marking for different traffic types.
#!/bin/bash
Test DSCP marking for different protocols
echo "Testing DSCP marking..."
Simulate different traffic types and check DSCP values
echo "HTTP traffic should be marked AF21 (0x48):"
tcpdump -i eth0 -c 5 "tcp port 80" -v 2>/dev/null | grep "tos"
echo "SSH traffic should be marked AF22 (0x50):"
tcpdump -i eth0 -c 5 "tcp port 22" -v 2>/dev/null | grep "tos"
echo "Database traffic should be marked AF31 (0x68):"
tcpdump -i eth0 -c 5 "tcp port 3306 or tcp port 5432" -v 2>/dev/null | grep "tos"Make the test script executable
Set appropriate permissions for the DSCP validation script.
sudo chmod +x /usr/local/bin/test-dscp.shCommon issues
| Symptom | Cause | Fix |
|---|---|---|
| QoS rules not applied after reboot | Scripts not enabled in systemd | sudo systemctl enable qos-setup.service |
| Traffic not being classified | Wrong interface name in scripts | Update INTERFACE variable with ip link show |
| DSCP marking not working | iptables rules not saved | sudo netfilter-persistent save |
| High latency despite QoS | Buffer bloat or incorrect bandwidth limits | Reduce HTB queue lengths and adjust bandwidth values |
| No statistics showing in tc output | No traffic matching filters | Check filter rules with tc -s filter show dev eth0 |
| Permission denied when running scripts | Scripts not executable | sudo chmod +x /usr/local/bin/qos-*.sh |
Important: QoS is most effective when applied at network bottlenecks. Configure QoS on routers and gateways where traffic aggregation occurs for maximum impact.
Next steps
- Configure network traffic shaping with tc and HTB for bandwidth management and QoS for additional traffic control techniques
- Configure network monitoring with SNMP and Grafana dashboards to visualize QoS metrics
- Configure advanced iptables QoS with fwmark and multiple interfaces for complex routing scenarios
- Implement enterprise network QoS with Cisco integration for enterprise environments
Automated install script
Run this to automate the entire setup
install.sh
#!/usr/bin/env bash
set -euo pipefail
# Advanced iptables QoS with DSCP marking and traffic classification installer
# Usage: ./install-qos.sh [interface] [bandwidth_mbps]
# Color codes
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Default values
INTERFACE="${1:-eth0}"
BANDWIDTH="${2:-100}"
TOTAL_STEPS=6
# Function to print colored output
log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
# Usage function
usage() {
echo "Usage: $0 [interface] [bandwidth_mbps]"
echo " interface: Network interface to configure QoS on (default: eth0)"
echo " bandwidth_mbps: Total bandwidth in Mbps (default: 100)"
echo "Example: $0 ens33 200"
exit 1
}
# Cleanup function
cleanup() {
log_error "Installation failed. Cleaning up..."
tc qdisc del dev "$INTERFACE" root 2>/dev/null || true
iptables -t mangle -F QOS_MARKING 2>/dev/null || true
iptables -t mangle -X QOS_MARKING 2>/dev/null || true
exit 1
}
trap cleanup ERR
# Check if running as root
if [[ $EUID -ne 0 ]]; then
log_error "This script must be run as root"
exit 1
fi
# Validate arguments
if [[ "$#" -gt 2 ]]; then
usage
fi
# Check if interface exists
if ! ip link show "$INTERFACE" &>/dev/null; then
log_error "Network interface $INTERFACE does not exist"
exit 1
fi
# Validate bandwidth is numeric
if ! [[ "$BANDWIDTH" =~ ^[0-9]+$ ]]; then
log_error "Bandwidth must be a number"
exit 1
fi
# Auto-detect distribution
if [ -f /etc/os-release ]; then
. /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_UPDATE="apt update"
PKG_INSTALL="apt install -y"
PERSISTENT_PKG="iptables-persistent netfilter-persistent"
ENABLE_PERSISTENT="systemctl enable netfilter-persistent"
;;
almalinux|rocky|centos|rhel|ol|fedora)
PKG_MGR="dnf"
PKG_UPDATE="dnf update -y"
PKG_INSTALL="dnf install -y"
PERSISTENT_PKG="iptables-services"
ENABLE_PERSISTENT="systemctl enable iptables"
;;
amzn)
PKG_MGR="yum"
PKG_UPDATE="yum update -y"
PKG_INSTALL="yum install -y"
PERSISTENT_PKG="iptables-services"
ENABLE_PERSISTENT="systemctl enable iptables"
;;
*)
log_error "Unsupported distribution: $ID"
exit 1
;;
esac
else
log_error "Cannot detect distribution"
exit 1
fi
log_info "Starting QoS configuration for interface $INTERFACE with ${BANDWIDTH}Mbps bandwidth"
# Step 1: Install required packages
echo -e "${GREEN}[1/$TOTAL_STEPS]${NC} Installing traffic control utilities..."
$PKG_UPDATE >/dev/null 2>&1
if [[ "$PKG_MGR" == "apt" ]]; then
$PKG_INSTALL iproute2 $PERSISTENT_PKG >/dev/null 2>&1
else
$PKG_INSTALL iproute tc $PERSISTENT_PKG >/dev/null 2>&1
fi
$ENABLE_PERSISTENT >/dev/null 2>&1
log_info "Packages installed successfully"
# Step 2: Create HTB queuing discipline
echo -e "${GREEN}[2/$TOTAL_STEPS]${NC} Configuring HTB queuing discipline..."
# Remove existing queues
tc qdisc del dev "$INTERFACE" root 2>/dev/null || true
# Calculate bandwidth allocations
HIGH_RATE=$((BANDWIDTH * 40 / 100))
HIGH_CEIL=$((BANDWIDTH * 80 / 100))
MED_RATE=$((BANDWIDTH * 40 / 100))
MED_CEIL=$((BANDWIDTH * 60 / 100))
LOW_RATE=$((BANDWIDTH * 20 / 100))
LOW_CEIL=$((BANDWIDTH * 40 / 100))
# Create root HTB queue
tc qdisc add dev "$INTERFACE" root handle 1: htb default 30
tc class add dev "$INTERFACE" parent 1: classid 1:1 htb rate "${BANDWIDTH}mbit"
# Create priority classes
tc class add dev "$INTERFACE" parent 1:1 classid 1:10 htb rate "${HIGH_RATE}mbit" ceil "${HIGH_CEIL}mbit" prio 1
tc class add dev "$INTERFACE" parent 1:1 classid 1:20 htb rate "${MED_RATE}mbit" ceil "${MED_CEIL}mbit" prio 2
tc class add dev "$INTERFACE" parent 1:1 classid 1:30 htb rate "${LOW_RATE}mbit" ceil "${LOW_CEIL}mbit" prio 3
log_info "HTB queuing discipline configured"
# Step 3: Add SFQ queuing to leaf classes
echo -e "${GREEN}[3/$TOTAL_STEPS]${NC} Adding SFQ queuing to classes..."
tc qdisc add dev "$INTERFACE" parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev "$INTERFACE" parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev "$INTERFACE" parent 1:30 handle 30: sfq perturb 10
log_info "SFQ queuing configured"
# Step 4: Configure iptables DSCP marking
echo -e "${GREEN}[4/$TOTAL_STEPS]${NC} Configuring iptables DSCP marking rules..."
# Create DSCP marking chain
iptables -t mangle -N QOS_MARKING 2>/dev/null || iptables -t mangle -F QOS_MARKING
# Jump to marking chain
iptables -t mangle -D OUTPUT -j QOS_MARKING 2>/dev/null || true
iptables -t mangle -D FORWARD -j QOS_MARKING 2>/dev/null || true
iptables -t mangle -A OUTPUT -j QOS_MARKING
iptables -t mangle -A FORWARD -j QOS_MARKING
# Mark VoIP traffic (EF - Expedited Forwarding)
iptables -t mangle -A QOS_MARKING -p udp --dport 5060 -j DSCP --set-dscp-class EF
iptables -t mangle -A QOS_MARKING -p udp --dport 10000:20000 -j DSCP --set-dscp-class EF
# Mark video traffic (AF41)
iptables -t mangle -A QOS_MARKING -p tcp --dport 1935 -j DSCP --set-dscp-class AF41
iptables -t mangle -A QOS_MARKING -p udp --dport 1935 -j DSCP --set-dscp-class AF41
# Mark database traffic (AF31)
iptables -t mangle -A QOS_MARKING -p tcp --dport 3306 -j DSCP --set-dscp-class AF31
iptables -t mangle -A QOS_MARKING -p tcp --dport 5432 -j DSCP --set-dscp-class AF31
# Mark web traffic (AF21)
iptables -t mangle -A QOS_MARKING -p tcp --dport 80 -j DSCP --set-dscp-class AF21
iptables -t mangle -A QOS_MARKING -p tcp --dport 443 -j DSCP --set-dscp-class AF21
# Mark SSH traffic (AF22)
iptables -t mangle -A QOS_MARKING -p tcp --dport 22 -j DSCP --set-dscp-class AF22
# Mark bulk transfer (BE - Best Effort)
iptables -t mangle -A QOS_MARKING -p tcp --dport 21 -j DSCP --set-dscp-class BE
iptables -t mangle -A QOS_MARKING -p tcp --dport 20 -j DSCP --set-dscp-class BE
log_info "DSCP marking rules configured"
# Step 5: Create traffic classification filters
echo -e "${GREEN}[5/$TOTAL_STEPS]${NC} Creating traffic classification filters..."
# High priority: EF (46), AF41 (34)
tc filter add dev "$INTERFACE" parent 1: protocol ip prio 1 u32 match ip tos 0xb8 0xfc flowid 1:10
tc filter add dev "$INTERFACE" parent 1: protocol ip prio 1 u32 match ip tos 0x88 0xfc flowid 1:10
# Medium priority: AF31 (26), AF22 (20), AF21 (18)
tc filter add dev "$INTERFACE" parent 1: protocol ip prio 2 u32 match ip tos 0x68 0xfc flowid 1:20
tc filter add dev "$INTERFACE" parent 1: protocol ip prio 2 u32 match ip tos 0x50 0xfc flowid 1:20
tc filter add dev "$INTERFACE" parent 1: protocol ip prio 2 u32 match ip tos 0x48 0xfc flowid 1:20
log_info "Traffic classification filters created"
# Step 6: Save configuration and enable persistence
echo -e "${GREEN}[6/$TOTAL_STEPS]${NC} Saving configuration..."
if [[ "$PKG_MGR" == "apt" ]]; then
iptables-save > /etc/iptables/rules.v4
mkdir -p /etc/systemd/system
cat > /etc/systemd/system/qos-setup.service << 'EOF'
[Unit]
Description=QoS Traffic Control Setup
After=network.target
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/local/bin/qos-setup.sh
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target
EOF
else
service iptables save 2>/dev/null || systemctl enable iptables
cat > /etc/systemd/system/qos-setup.service << 'EOF'
[Unit]
Description=QoS Traffic Control Setup
After=network.target
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/local/bin/qos-setup.sh
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target
EOF
fi
# Create startup script
cat > /usr/local/bin/qos-setup.sh << EOF
#!/bin/bash
# QoS setup script - auto-generated
tc qdisc del dev $INTERFACE root 2>/dev/null || true
tc qdisc add dev $INTERFACE root handle 1: htb default 30
tc class add dev $INTERFACE parent 1: classid 1:1 htb rate ${BANDWIDTH}mbit
tc class add dev $INTERFACE parent 1:1 classid 1:10 htb rate ${HIGH_RATE}mbit ceil ${HIGH_CEIL}mbit prio 1
tc class add dev $INTERFACE parent 1:1 classid 1:20 htb rate ${MED_RATE}mbit ceil ${MED_CEIL}mbit prio 2
tc class add dev $INTERFACE parent 1:1 classid 1:30 htb rate ${LOW_RATE}mbit ceil ${LOW_CEIL}mbit prio 3
tc qdisc add dev $INTERFACE parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $INTERFACE parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $INTERFACE parent 1:30 handle 30: sfq perturb 10
tc filter add dev $INTERFACE parent 1: protocol ip prio 1 u32 match ip tos 0xb8 0xfc flowid 1:10
tc filter add dev $INTERFACE parent 1: protocol ip prio 1 u32 match ip tos 0x88 0xfc flowid 1:10
tc filter add dev $INTERFACE parent 1: protocol ip prio 2 u32 match ip tos 0x68 0xfc flowid 1:20
tc filter add dev $INTERFACE parent 1: protocol ip prio 2 u32 match ip tos 0x50 0xfc flowid 1:20
tc filter add dev $INTERFACE parent 1: protocol ip prio 2 u32 match ip tos 0x48 0xfc flowid 1:20
EOF
chmod 755 /usr/local/bin/qos-setup.sh
systemctl enable qos-setup.service >/dev/null 2>&1
log_info "Configuration saved and persistence enabled"
# Verification
log_info "Verifying QoS configuration..."
if tc qdisc show dev "$INTERFACE" | grep -q htb; then
log_info "✓ HTB queuing discipline active"
else
log_error "✗ HTB queuing discipline not found"
fi
if iptables -t mangle -L QOS_MARKING >/dev/null 2>&1; then
log_info "✓ DSCP marking rules active"
else
log_error "✗ DSCP marking rules not found"
fi
if tc filter show dev "$INTERFACE" | grep -q flowid; then
log_info "✓ Traffic classification filters active"
else
log_error "✗ Traffic classification filters not found"
fi
log_info "QoS configuration completed successfully!"
log_info "Interface: $INTERFACE"
log_info "Total Bandwidth: ${BANDWIDTH}Mbps"
log_info "High Priority: ${HIGH_RATE}Mbps (ceil ${HIGH_CEIL}Mbps)"
log_info "Medium Priority: ${MED_RATE}Mbps (ceil ${MED_CEIL}Mbps)"
log_info "Low Priority: ${LOW_RATE}Mbps (ceil ${LOW_CEIL}Mbps)"
log_warn "Reboot recommended to ensure all services start correctly"Review the script before running. Execute with: bash install.sh