SHOREWALL-TCPRI(5) | Configuration Files | SHOREWALL-TCPRI(5) |
NAME¶
tcpri - Shorewall fileSYNOPSIS¶
/etc/shorewall/tcpri
DESCRIPTION¶
This file is used to specify the priority of traffic for simple traffic shaping (TC_ENABLED=Simple in shorewall.conf[1](5)). The priority band of each packet is determined by the last entry that the packet matches. If a packet doesn't match any entry in this file, then its priority will be determined by its TOS field. The default mapping is as follows but can be changed by setting the TC_PRIOMAP option in shorewall.conf[1](5).TOS Bits Means Linux Priority BAND ------------------------------------------------------------ 0x0 0 Normal Service 0 Best Effort 2 0x2 1 Minimize Monetary Cost 1 Filler 3 0x4 2 Maximize Reliability 0 Best Effort 2 0x6 3 mmc+mr 0 Best Effort 2 0x8 4 Maximize Throughput 2 Bulk 3 0xa 5 mmc+mt 2 Bulk 3 0xc 6 mr+mt 2 Bulk 3 0xe 7 mmc+mr+mt 2 Bulk 3 0x10 8 Minimize Delay 6 Interactive 1 0x12 9 mmc+md 6 Interactive 1 0x14 10 mr+md 6 Interactive 1 0x16 11 mmc+mr+md 6 Interactive 1 0x18 12 mt+md 4 Int. Bulk 2 0x1a 13 mmc+mt+md 4 Int. Bulk 2 0x1c 14 mr+mt+md 4 Int. Bulk 2 0x1e 15 mmc+mr+mt+md 4 Int. Bulk 2
Classifies matching traffic as High Priority (1), Medium
Priority (2) or Low Priority (3). For those interfaces listed in
shorewall-tcinterfaces[2](5), Priority 2 traffic will be deferred so
long and there is Priority 1 traffic queued and Priority 3 traffic will be
deferred so long as there is Priority 1 or Priority 2 traffic to send.
PROTO - protocol[,...]
Optional. The name or number of an IPv4 protocol.
Beginning with Shorewall 4.5.12, this column can accept a comma-separated list
of protocols.
PORT(S) - port [,...]
Optional. May only be given if the the PROTO is TCP (6),
UDP (17), DCCP (33), SCTP (132) or UDPLITE (136). A list of one or more port
numbers or service names from /etc/services. Port ranges of the form
lowport: highport may also be included.
ADDRESS - [ address]
Optional. The IP or MAC address that the traffic
originated from. MAC addresses must be given in Shorewall format. If this
column contains an address, then the PROTO, PORT(S) and INTERFACE column must
be empty ("-").
INTERFACE - [ interface]
Optional. The logical name of an interface that
traffic arrives from. If given, the PROTO, PORT(S) and ADDRESS columns must be
empty ("-").
Note
INTERFACE classification of packets occurs before classification by
PROTO/PORT(S)/ADDRESS. So it is highly recommended to place entries that
specify INTERFACE at the top of the file so that the rule about last entry
matches is preserved.
HELPER - [helper]
Optional. Names a Netfilter protocol helper module such
as ftp, sip, amanda, etc. A packet will match if it was accepted by the named
helper module. You can also append "-" and a port number to the
helper module name (e.g., ftp-21) to specify the port number that the original
connection was made on.
FILES¶
/etc/shorewall/tcpriSEE ALSO¶
http://www.shorewall.net/configuration_file_basics.htm#Pairs[3] prio(8), shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-mangle(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)NOTES¶
- 1.
- shorewall.conf
- 2.
- shorewall-tcinterfaces
10/19/2014 | Configuration Files |