SHOREWALL-TCINTERFA(5) [FIXME: manual] SHOREWALL-TCINTERFA(5)

NAME
tcinterfaces - Shorewall file

SYNOPSIS
/etc/shorewall/tcinterfaces

DESCRIPTION
This file lists the interfaces that are subject to simple traffic
shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple
in shorewall.conf[1](5).

A note on the bandwidth definition used in this file:

· Don't use a space between the integer value and the unit: 30kbit is
  valid while 30 kbit is not.

· You can use one of the following units:

  kbps
      Kilobytes per second.

  mbps
      Megabytes per second.

  kbit
      Kilobits per second.

  mbit
      Megabits per second.

  bps or number
      Bytes per second.

  k or kb
      Kilobytes.

  m or mb
      Megabytes.

· Only whole integers are allowed.

The columns in the file are as follows.

INTERFACE
    The logical name of an interface. If you run both IPv4 and IPv6
    Shorewall firewalls, a given interface should only be listed in one
    of the two configurations.

TYPE - [external|internal]
    Optional. If given, specifies whether the interface is external
    (facing toward the Internet) or internal (facing toward a local
    network) and enables SFQ flow classification.

    Note
    Simple traffic shaping is only useful on interfaces where
    queuing occurs. As a consequence, internal interfaces seldom
    benefit from simple traffic shaping. VPN interfaces are an
    exception because the encapsulated packets are later
    transferred over a slower external link.

IN-BANDWIDTH - [rate[:burst]]
    Optional. If specified, enables ingress policing on the interface.
    If incoming traffic exceeds the given rate, received packets are
    dropped randomly. With some DSL and Cable links, large queues can
    build up in the ISP's gateway router. While this ensures maximum
    throughput, it kills interactive response time. By setting
    IN-BANDWIDTH, you can eliminate these queues.

    To pick an appropriate setting, we recommend that you start by
    setting it significantly below your measured download bandwidth
    (20% or so). While downloading, measure the ping response time from
    the firewall to the upstream router as you gradually increase the
    setting. The optimal setting is at the point beyond which the ping
    time increases sharply as you increase the setting.

    The burst option was added in Shorewall 4.4.13. If not supplied,
    10kb is assumed. A larger burst size can help make the rate
    estimate more accurate on fast lines. The default burst often makes
    the enforced rate much less than the specified rate.

OUT-BANDWIDTH - [rate[:[burst][:[latency][:[peak][:[minburst]]]]]]
    Added in Shorewall 4.4.13. The terms are defined in tc-tbf(8).

    Shorewall provides defaults as follows:
        burst - 10kb
        latency - 200ms
    The remaining options are defaulted by tc(8).
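
A checker for the column and bandwidth syntax described above, as an added example that is not part of Shorewall or of this manual page. It assumes `-` marks an omitted column and `#` starts a comment, as in other Shorewall files, and that units are lowercase as listed here; the function names and sample entries are constructed for illustration.

```python
import re

# Units listed on this page; the integer must be followed directly by the unit.
# Assumption: units are matched in lowercase, exactly as the page spells them.
VALUE = re.compile(r"\d+(kbps|mbps|kbit|mbit|bps|kb|k|mb|m)?")
IN_FIELDS = ("rate", "burst")
OUT_FIELDS = ("rate", "burst", "latency", "peak", "minburst")


def check_spec(col, spec, names, errors):
    """Validate one colon-separated bandwidth column."""
    parts = spec.split(":")
    if len(parts) > len(names):
        errors.append(f"{col}: more than {len(names)} ':'-separated fields")
        return
    if not parts[0]:
        errors.append(f"{col}: rate is missing")
    for name, val in zip(names, parts):
        # latency is a time value (default 200ms) defined in tc-tbf(8); not checked.
        if val and name != "latency" and not VALUE.fullmatch(val):
            errors.append(f"{col} {name}: '{val}' is not a whole integer plus a listed unit")


def lint_line(line):
    """Return the problems found in one tcinterfaces entry (empty list = clean)."""
    cols = line.split("#", 1)[0].split()
    if not cols:
        return []
    if len(cols) > 4:
        return ["more than 4 columns (space between a value and its unit?)"]
    # Assumption: '-' stands for an omitted column, as in other Shorewall files.
    _iface, typ, in_bw, out_bw = cols + ["-"] * (4 - len(cols))
    errors = []
    if typ not in ("-", "external", "internal"):
        errors.append(f"TYPE: '{typ}' is not external or internal")
    if in_bw != "-":
        check_spec("IN-BANDWIDTH", in_bw, IN_FIELDS, errors)
    if out_bw != "-":
        check_spec("OUT-BANDWIDTH", out_bw, OUT_FIELDS, errors)
    return errors


# Constructed sample entries (not taken from the Shorewall documentation).
SAMPLE = """\
eth0 external 50mbit:200kb 5mbit:100kb:200ms:6mbit:1516
eth0 external 30 kbit
eth0 external 1.5mbit 5mbit
tun0 internal - 2mbit
"""

if __name__ == "__main__":
    for n, entry in enumerate(SAMPLE.splitlines(), 1):
        print(n, lint_line(entry) or "ok")
```

In the second sample entry the space in `30 kbit` splits the value across two columns, so the checker reports the problem on OUT-BANDWIDTH rather than on the column where the value was meant to go.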

FILES
/etc/shorewall/tcinterfaces.

SEE ALSO
http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt

shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
shorewall-route_rules(5), shorewall-routestopped(5),
shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
shorewall-tcpri(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)

NOTES
1. shorewall.conf
   http://www.shorewall.net/manpages/shorewall.conf.html

[FIXME: source] 09/16/2011 SHOREWALL-TCINTERFA(5)