Traffic control (tc)
# DEV, SERVERIP, LIMITIPS and IPTABLES must be set before running this script

# remove previous rules
tc qdisc del dev $DEV root 2>/dev/null

# create a root queuing discipline for our interface
tc qdisc add dev $DEV root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8

# create a class called 1:1
tc class add dev $DEV parent 1:0 classid 1:1 cbq bandwidth 100Mbit \
    prio 8 allot 1514 cell 8 rate 100Mbit maxburst 20 avpkt 1000

# create a sub-class of 1:1 called 1:10 that is rate-limited to 105kbit
tc class add dev $DEV parent 1:1 classid 1:10 cbq bandwidth 100Mbit \
    rate 105Kbit prio 1 allot 1514 cell 8 maxburst 20 \
    avpkt 1000 bounded

# create a sub-class called 1:20 that isn't limited, for locally generated traffic
tc class add dev $DEV parent 1:1 classid 1:20 cbq allot 1514 avpkt 1000 \
    rate 100Mbit bandwidth 100Mbit prio 2

# locally generated traffic should go to the appropriate sub-class
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip src $SERVERIP/32 flowid 1:20

# not sure if this is really needed... traffic from one interface to another?
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
    match ip dst $SERVERIP/32 flowid 1:20

# traffic to our lan (that didn't match earlier rules) should go to appropriate sub-class
tc filter add dev $DEV parent 1:0 protocol ip prio 2 u32 \
    match ip dst $LIMITIPS flowid 1:10

# Mark traffic with a source port of 80 with the mark 1
$IPTABLES -A PREROUTING -i $DEV -t mangle -p tcp --sport 80 -j MARK --set-mark 1
An example of a running config (courtesy of Ben Griffiths)

tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 100mbit
tc class add dev eth0 parent 1: classid 1:1 cbq rate 768kbit allot 1500 prio 5 bounded isolated
# mask 0xffff compares all 16 bits of the destination port, so only port 3306 matches
tc filter add dev eth0 parent 1: protocol ip prio 16 u32 match ip dport 3306 0xffff flowid 1:1