Poster of Linux kernelThe best gift for a Linux geek
SHOREWALL-TCFILTERS

SHOREWALL-TCFILTERS

Section: [FIXME: manual] (5) Updated: 02/09/2011 Local index Up
 

NAME

tcfilters - Shorewall u32 classifier rules file  

SYNOPSIS

/etc/shorewall/tcfilters
 

DESCRIPTION

Entries in this file cause packets to be classified for traffic shaping.

Beginning with Shorewall 4.4.15, the file may contain entries for both IPv4 and IPv6. By default, all rules apply to IPv4 but that can be changed by inserting a line as follows:

IPV4

Following entriess apply to IPv4.

IPV6

Following entries apply to IPv6

ALL

Following entries apply to both IPv4 and IPv6. Each entry is processed twice; once for IPv4 and once for IPv6.

The columns in the file are as follows.

CLASS - interface:class

The name or number of an interface defined in m[blue]shorewall-tcdevicesm[][1](5) followed by a class number defined for that interface in m[blue]shorewall-tcclassesm[][2](5).

SOURCE - {-|address}

Source of the packet. May be a host or network address. DNS names are not allowed.

DEST - {-|address}}

Destination of the packet. May be a host or network address. DNS names are not allowed.

You may exclude certain hosts from the set already defined through use of an exclusion (see m[blue]shorewall-exclusionm[][3](5)).

PROTO - {-|protocol-number|protocol-name|all}

Protocol.

DEST PORT (Optional) - [-|port-name-or-number]

Destination Ports. A Port name (from services(5)) or a port number; if the protocol is icmp, this column is interpreted as the destination icmp-type(s).

SOURCE PORT (Optional) - [-|port-name-or-number]

Source port.

TOS (Optional) - [-|tos]

Specifies the value of the TOS field. The tos value can be any of the following:

tos-minimize-delay

tos-maximuze-throughput

tos-maximize-reliability

tos-minimize-cost

tos-normal-service

hex-number

hex-number/hex-number

The hex-numbers must be exactly two digits (e.g., 0x04)x.

LENGTH (Optional) - [-|number]

Must be a power of 2 between 32 and 8192 inclusive. Packets with a total length that is strictly less than the specified number will match the rule.
 

EXAMPLE

Example 1:

Place all 'ping' traffic on interface 1 in class 10. Note that ALL cannot be used because IPv4 ICMP and IPv6 ICMP are two different protocols. 

       #CLASS    SOURCE    DEST         PROTO   DEST 
       #                                        PORT

       IPV4

       1:10      0.0.0.0/0 0.0.0.0/0    icmp    echo-request
       1:10      0.0.0.0/0 0.0.0.0/0    icmp    echo-reply

       IPV6
 
       1:10      ::/0      ::/0         icmp6   echo-request
       1:10      ::/0      ::/0         icmp6   echo-reply
 

FILES

/etc/shorewall/tcfilters  

SEE ALSO

m[blue]http://shorewall.net/traffic_shaping.htmm[]

m[blue]http://shorewall.net/MultiISP.htmlm[]

m[blue]http://shorewall.net/PacketMarking.htmlm[]

shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)  

NOTES

1.
shorewall-tcdevices
http://www.shorewall.net/manpages/shorewall-tcdevices.html
2.
shorewall-tcclasses
http://www.shorewall.net/manpages/shorewall-tcclasses.html
3.
shorewall-exclusion
http://www.shorewall.net/manpages/shorewall-exclusion.html

 

Index

NAME
SYNOPSIS
DESCRIPTION
EXAMPLE
FILES
SEE ALSO
NOTES
This document was created by man2html, using the manual pages.
Time: 22:00:18 GMT, April 16, 2011