.\" Automatically generated by Pandoc 3.1.3 .nh .\" .\" Define V font for inline verbatim, using C font in formats .\" that render this, and otherwise B font. .ie "\f[CB]x\f[]"x" \{\ . ftr V B . ftr VI BI . ftr VB B . ftr VBI BI .\} .el \{\ . ftr V CR . ftr VI CI . ftr VB CB . ftr VBI CBI .\} .TH "fireqos.conf" "5" "Built 30 Mar 2024" "FireQOS Reference" "3.1.7" .hy .SH NAME .PP fireqos.conf - FireQOS configuration file .SH DESCRIPTION .PP This file defines the traffic shaping that will be applied by fireqos(1). .PP The default configuration file is \f[V]/etc/firehol/fireqos.conf\f[R]. It can be overridden from the command line. .PP A configuration consists of a number of input and output \f[V]interface\f[R] definitions (see fireqos-interface(5)). Each \f[V]interface\f[R] can define any number of (optionally nested) \f[V]class\f[R]es (see fireqos-class(5)) which shape the traffic which they \f[V]match\f[R] (see fireqos-match(5)). .SH SPEED UNITS .PP In FireQOS, speeds can be expressed in the following units: .TP #\f[V]bps\f[R] # bytes per second .TP #\f[V]kbps\f[R]; #\f[V]Kbps\f[R] # kilobytes per second .TP #\f[V]mbps\f[R]; #\f[V]Mbps\f[R] # megabytes per second .TP #\f[V]gbps\f[R]; #\f[V]Gbps\f[R] # gigabytes per second .TP #\f[V]bit\f[R] # bits per second .TP #\f[V]kbit\f[R]; #\f[V]Kbit\f[R]; # # kilobits per second (default) .TP #\f[V]mbit\f[R]; #\f[V]Mbit\f[R] # megabits per second .TP #\f[V]gbit\f[R]; #\f[V]Gbit\f[R] # gigabits per second .TP #\f[V]%\f[R] In a \f[V]class\f[R], uses this percentage of the enclosing \f[V]rate\f[R]. .RS .PP \f[B]Note\f[R] .PP The default, \f[V]kbit\f[R] is different to tc(8) which assumes bytes per second when no unit is specified. .RE .SH EXAMPLE .PP This example uses match statements. .IP .nf \f[C] # incoming traffic from my ADSL router interface eth2 adsl-in input rate 10500kbit adsl remote pppoe-llc class voip commit 100kbit pfifo match udp ports 5060,10000:10100 # asterisk sip and rtp match udp ports 16393:16402 # apple facetime class realtime commit 10% match tcp port 22,1195:1198,1753 # ssh, openvpn, pptp match udp port 53 # dns match proto GRE match icmp match tcp syn match tcp ack class clients commit 10% match tcp port 20,21,25,80,143,443,465,873,993 # mail, web, ftp, etc # unmatched traffic goes here (\[aq]default\[aq] is a special name) class default max 90% # I define torrents beneath the default class, so they slow # down when the default class is willing to get bandwidth class torrents max 90% match port 51414 # my torrent client # outgoing traffic to my ADSL router interface eth2 adsl-out output rate 800kbit adsl remote pppoe-llc class voip commit 100kbit pfifo match udp ports 5060,10000:10100 # asterisk sip and rtp match udp ports 16393:16402 # apple facetime class realtime commit 10% match tcp port 22,1195:1198,1753 # ssh, openvpn, pptp match udp port 53 # dns match proto GRE match icmp match tcp syn match tcp ack class clients commit 10% match tcp port 20,21,25,80,143,443,465,873,993 # mail, web, ftp, etc # unmatched traffic goes here (\[aq]default\[aq] is a special name) class default max 90% # I define torrents beneath the default class, so they slow # down when the default class is willing to get bandwidth class torrents max 90% match port 51414 # my torrent client \f[R] .fi .PP This example uses server/client statements in a bidirectional interface. Of course match statements can also be specified. FireQOS will create 2 interfaces out of this: world-in and world-out. .IP .nf \f[C] DEVICE=dsl0 INPUT_SPEED=\[dq]12000kbit\[dq] OUTPUT_SPEED=\[dq]800kbit\[dq] LINKTYPE=\[dq]adsl local pppoe-llc\[dq] # a few service definitions # all the rest that are used in this example # are defined by FireQOS server_netdata_ports=\[dq]tcp/19999\[dq] server_rtp_ports=\[dq]udp/10000:10100\[dq] server_openvpn_ports=\[dq]any/1195:1198\[dq] server_mytorrent_ports=\[dq]any/60000\[dq] server_mytorrenttransfers_ports=\[dq]any/60001:64999\[dq] server_myssh_ports=\[dq]tcp/2222\[dq] # League Of Legends game (yes! I have kids) server_lol_ports=\[dq]udp/5000:5500 tcp/8393:8400,2099,5223,5222,8088\[dq] interface $DEVICE world bidirectional $LINKTYPE input rate $INPUT_SPEED output rate $OUTPUT_SPEED class voip commit 100kbit pfifo server sip client sip server rtp client stun class interactive input commit 20% output commit 10% server icmp limit 50% server dns client dns server ssh client ssh server myssh client myssh client teamviewer client lol class chat input commit 1000kbit output commit 30% client facetime server hangouts client hangouts client gtalk client jabber class vpns input commit 20% output commit 30% server pptp server GRE server openvpn class servers server netdata server http # a class group to favor tcp handshake over transfers class group surfing prio keep commit 5% client surfing client rsync class synacks match tcp syn match tcp ack class group end class synacks commit 5% match tcp syn match tcp ack class default class background commit 4% client torrents server mytorrent server mytorrenttransfers \f[R] .fi .SH SEE ALSO .IP \[bu] 2 fireqos(1) - FireQOS program .IP \[bu] 2 fireqos-interface(5) - QOS interface definition .IP \[bu] 2 fireqos-class(5) - QOS class definition .IP \[bu] 2 fireqos-match(5) - QOS traffic match .IP \[bu] 2 FireHOL Website (http://firehol.org/) .IP \[bu] 2 FireQOS Online PDF Manual (http://firehol.org/fireqos-manual.pdf) .IP \[bu] 2 FireQOS Online Documentation (http://firehol.org/documentation/) .IP \[bu] 2 tc(8) (http://lartc.org/manpages/tc.html) - show / manipulate traffic control settings .SH AUTHORS FireHOL Team.