SHOREWALL-TCFILTERS(5) | Configuration Files | SHOREWALL-TCFILTERS(5) |
NAME¶
tcfilters - Shorewall u32/basic classifier rules fileSYNOPSIS¶
/etc/shorewall/tcfilters
DESCRIPTION¶
Entries in this file cause packets to be classified for traffic shaping.Beginning with Shorewall 4.4.15, the file may contain entries for both IPv4 and IPv6. By default, all rules apply to IPv4 but that can be changed by inserting a line as follows:
IPV4
IPV6
ALL
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax).
CLASS - interface:class
SOURCE - {-|address|+ipset}
DEST - {-|address|+ipset}
You may exclude certain hosts from the set already defined through use of an exclusion (see shorewall-exclusion[5](5)).
PROTO - {-|{protocol-number|protocol-name|all}[,...]}
Beginning with Shorewall 4.5.12, this column can accept a comma-separated list of protocols.
DPORT - [-|port-name-or-number]
This column was previously labelled DEST PORT(S).
SPORT - [-|port-name-or-number]
This column was previously labelled SOURCE PORT(S).
TOS (Optional) - [-|tos]
The hex-numbers must be exactly two digits (e.g., 0x04)x.
LENGTH - [-|number]
PRIORITY - [-|priority]
When a priority is not given:
The default priority values used by other Shorewall-generated filters are as follows:
EXAMPLE¶
Example 1:#CLASS SOURCE DEST PROTO DPORT IPV4 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-request 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply IPV6 1:10 ::/0 ::/0 icmp6 echo-request 1:10 ::/0 ::/0 icmp6 echo-reply
Example 2:
#CLASS SOURCE DEST PROTO DPORT PRIORITY IPV4 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-request 10 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply 10
FILES¶
/etc/shorewall/tcfiltersSEE ALSO¶
http://www.shorewall.net/traffic_shaping.htm[6]http://www.shorewall.net/MultiISP.html[7]
http://www.shorewall.net/PacketMarking.html[8]
http://www.shorewall.net/configuration_file_basics.htm#Pairs[9]
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
NOTES¶
- 1.
- shorewall-tcdevices
- 2.
- shorewall-tcclasses
- 3.
- shorewall.conf (5)
- 5.
- shorewall-exclusion
03/16/2017 | Configuration Files |