1SHOREWALL-TCFILTERS(5) [FIXME: manual] SHOREWALL-TCFILTERS(5)
2
6 tcfilters - Shorewall u32 classifier rules file
7
9 /etc/shorewall/tcfilters
10
12 Entries in this file cause packets to be classified for traffic
13 shaping.
14 Beginning with Shorewall 4.4.15, the file may contain entries for both
16 IPv4 and IPv6. By default, all rules apply to IPv4 but that can be
17 changed by inserting a line as follows:
18 IPV4
20 Following entriess apply to IPv4.
21 IPV6
23 Following entries apply to IPv6
24 ALL
26 Following entries apply to both IPv4 and IPv6. Each entry is
27 processed twice; once for IPv4 and once for IPv6.
28 The columns in the file are as follows.
30 CLASS - interface:class
32 The name or number of an interface defined in
33 shorewall-tcdevices[1](5) followed by a class number defined for
34 that interface in shorewall-tcclasses[2](5).
35 SOURCE - {-|address}
37 Source of the packet. May be a host or network address. DNS names
38 are not allowed.
39 DEST - {-|address}}
41 Destination of the packet. May be a host or network address. DNS
42 names are not allowed.
43 You may exclude certain hosts from the set already defined through
45 use of an exclusion (see shorewall-exclusion[3](5)).
46 PROTO - {-|protocol-number|protocol-name|all}
48 Protocol.
49 DEST PORT (Optional) - [-|port-name-or-number]
51 Destination Ports. A Port name (from services(5)) or a port number;
52 if the protocol is icmp, this column is interpreted as the
53 destination icmp-type(s).
54 SOURCE PORT (Optional) - [-|port-name-or-number]
56 Source port.
57 TOS (Optional) - [-|tos]
59 Specifies the value of the TOS field. The tos value can be any of
60 the following:
61 · tos-minimize-delay
63 · tos-maximuze-throughput
65 · tos-maximize-reliability
67 · tos-minimize-cost
69 · tos-normal-service
71 · hex-number
73 · hex-number/hex-number
75 The hex-numbers must be exactly two digits (e.g., 0x04)x.
77 LENGTH (Optional) - [-|number]
79 Must be a power of 2 between 32 and 8192 inclusive. Packets with a
80 total length that is strictly less than the specified number will
81 match the rule.
82
84 Example 1:
85 Place all 'ping' traffic on interface 1 in class 10. Note that ALL
86 cannot be used because IPv4 ICMP and IPv6 ICMP are two different
87 protocols.
88 #CLASS SOURCE DEST PROTO DEST
90 # PORT
91 IPV4
93 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-request
95 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
96 IPV6
98 1:10 ::/0 ::/0 icmp6 echo-request
100 1:10 ::/0 ::/0 icmp6 echo-reply
101
103 /etc/shorewall/tcfilters
104
106 http://shorewall.net/traffic_shaping.htm
107 http://shorewall.net/MultiISP.html
109 http://shorewall.net/PacketMarking.html
111 shorewall(8), shorewall-accounting(5), shorewall-actions(5),
113 shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),
114 shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
115 shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
116 shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
117 shorewall-providers(5), shorewall-proxyarp(5),
118 shorewall-route_rules(5), shorewall-routestopped(5),
119 shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
120 shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5),
121 shorewall-tunnels(5), shorewall-zones(5)
122
124 1. shorewall-tcdevices
125 http://www.shorewall.net/manpages/shorewall-tcdevices.html
126 2. shorewall-tcclasses
128 http://www.shorewall.net/manpages/shorewall-tcclasses.html
129 3. shorewall-exclusion
131 http://www.shorewall.net/manpages/shorewall-exclusion.html
132[FIXME: source] 09/16/2011 SHOREWALL-TCFILTERS(5)