
Traffic control using Iptables/Netfilter

Netfilter rules

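# --- Traffic control ---
# Traffic *accounting* in the mangle table: each IN-*/OUT-* chain holds one
# catch-all rule whose packet/byte counters give LAN vs Internet totals.
# NOTE: -F/-X below wipe the whole mangle table, including rules that other
# tools (VPN, QoS, policy routing) may have placed there; narrow this to your
# own chains if anything else on the host uses mangle.
lan_mark=105   # pick a value no other fwmark user on this host relies on

# Address ranges treated as "not Internet": they are tagged with lan_mark so
# the IN-/OUT-INTERNET counters skip them. The original used 169.0.0.0/8 and
# 172.0.0.0/8, which include public address space; narrowed to link-local and
# RFC 1918, with 10/8 added for completeness. Adjust to match your site.
lan_nets=(
  192.168.0.0/16   # RFC 1918 (also the range counted as LAN below)
  172.16.0.0/12    # RFC 1918
  10.0.0.0/8       # RFC 1918
  127.0.0.0/8      # loopback
  169.254.0.0/16   # link-local
)

iptables -t mangle -F
iptables -t mangle -X
for chain in IN-LAN OUT-LAN IN-INTERNET OUT-INTERNET; do
  iptables -t mangle -N "$chain"
done

# The table was just flushed, so appending in logical order yields the same
# final order the original produced with repeated -I (last inserted = first):
#   1. count LAN traffic  2. tag LAN ranges  3. everything untagged = Internet
iptables -t mangle -A PREROUTING  -s 192.168.0.0/16 -j IN-LAN
iptables -t mangle -A POSTROUTING -d 192.168.0.0/16 -j OUT-LAN
for net in "${lan_nets[@]}"; do
  iptables -t mangle -A PREROUTING  -s "$net" -j MARK --set-mark "$lan_mark"
  iptables -t mangle -A POSTROUTING -d "$net" -j MARK --set-mark "$lan_mark"
done
iptables -t mangle -A PREROUTING  -m mark ! --mark "$lan_mark" -j IN-INTERNET
iptables -t mangle -A POSTROUTING -m mark ! --mark "$lan_mark" -j OUT-INTERNET

# Catch-all counter rules: no target, so the chain returns after counting.
iptables -t mangle -A IN-LAN       -s 0/0
iptables -t mangle -A OUT-LAN      -d 0/0
iptables -t mangle -A IN-INTERNET  -s 0/0
iptables -t mangle -A OUT-INTERNET -d 0/0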

Monitor

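#######################################
# Print the byte counter of the single catch-all rule in a mangle chain.
# -x prints exact byte counts (without it iptables abbreviates to K/M/G,
#   which the original regex passed through unconverted);
# -n suppresses reverse DNS lookups of the listed addresses.
# Arguments: $1 - chain name (e.g. IN-INTERNET)
# Outputs:   byte count to stdout
#######################################
chain_bytes() {
  local chain=$1
  sudo iptables -t mangle -L "$chain" -v -x -n | tail -n1 | awk '{ print $2 }'
}

chain_bytes IN-INTERNET
chain_bytes OUT-INTERNET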