'\" t .\" Title: shorewall-tcdevices .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.75.2 .\" Date: 06/28/2012 .\" Manual: [FIXME: manual] .\" Source: [FIXME: source] .\" Language: English .\" .TH "SHOREWALL\-TCDEVICES" "5" "06/28/2012" "[FIXME: source]" "[FIXME: manual]" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" tcdevices \- Shorewall Traffic Shaping Devices file .SH "SYNOPSIS" .HP \w'\fB/etc/shorewall/tcdevices\fR\ 'u \fB/etc/shorewall/tcdevices\fR .SH "DESCRIPTION" .PP Entries in this file define the bandwidth for interfaces on which you want traffic shaping to be enabled\&. .PP If you do not plan to use traffic shaping for a device, don\*(Aqt put it in here as it limits the throughput of that device to the limits you set here\&. .PP A note on the \fIbandwidth\fR definitions used in this file: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} don\*(Aqt use a space between the integer value and the unit: 30kbit is valid while 30 kbit is not\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} you can use one of the following units: .PP \fBkbps\fR .RS 4 Kilobytes per second\&. .RE .PP \fBmbps\fR .RS 4 Megabytes per second\&. .RE .PP \fBkbit\fR .RS 4 Kilobits per second\&. .RE .PP \fBmbit\fR .RS 4 Megabits per second\&. .RE .PP \fBbps\fR or \fBnumber\fR .RS 4 Bytes per second\&. .RE .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Only whole integers are allowed\&. .RE .PP The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax)\&. .PP \fBINTERFACE\fR \- [\fInumber\fR:]\fIinterface\fR .RS 4 Name of \fIinterface\fR\&. Each interface may be listed only once in this file\&. You may NOT specify the name of an alias (e\&.g\&., eth0:0) here; see \m[blue]\fBhttp://www\&.shorewall\&.net/FAQ\&.htm#faq18\fR\m[] .sp You may NOT specify wildcards here, e\&.g\&. if you have multiple ppp interfaces, you need to put them all in here! .sp If the device doesn\*(Aqt exist, a warning message will be issued during "shorewall [re]start" and "shorewall refresh" and traffic shaping configuration will be skipped for that device\&. .sp Shorewall assigns a sequential interface number to each interface (the first entry in the file is interface 1, the second is interface 2 and so on) You can explicitly specify the interface number by prefixing the interface name with the number and a colon (":")\&. Example: 1:eth0\&. .RE .PP \fBIN\-BANDWIDTH (in_bandwidth)\fR \- {\-|\fIbandwidth\fR[:\fIburst\fR]|~\fIbandwidth\fR[:\fIinterval\fR:\fIdecay_interval\fR]} .RS 4 The incoming \fIbandwidth\fR of that interface\&. Please note that you are not able to do traffic shaping on incoming traffic, as the traffic is already received before you could do so\&. But this allows you to define the maximum traffic allowed for this interface in total, if the rate is exceeded, the packets are dropped\&. You want this mainly if you have a DSL or Cable connection to avoid queuing at your providers side\&. .sp If you don\*(Aqt want any traffic to be dropped, set this to a value to zero in which case Shorewall will not create an ingress qdisc\&.Must be set to zero if the REDIRECTED INTERFACES column is non\-empty\&. .sp The optional burst option was added in Shorewall 4\&.4\&.18\&. The default \fIburst\fR is 10kb\&. A larger \fIburst\fR can help make the \fIbandwidth\fR more accurate; often for fast lines, the enforced rate is well below the specified \fIbandwidth\fR\&. .sp What is described above creates a rate/burst policing filter\&. Beginning with Shorewall 4\&.4\&.25, a rate\-estimated policing filter may be configured instead\&. Rate\-estimated filters should be used with ethernet adapters that have Generic Receive Offload enabled by default\&. See \m[blue]\fBShorewall FAQ 97a\fR\m[]\&\s-2\u[1]\d\s+2\&. .sp To create a rate\-estimated filter, precede the bandwidth with a tilde ("~")\&. The optional interval and decay_interval determine how often the rate is estimated and how many samples are retained for estimating\&. Please see \m[blue]\fBhttp://ace\-host\&.stuart\&.id\&.au/russell/files/tc/doc/estimators\&.txt\fR\m[] for details\&. .RE .PP \fBOUT\-BANDWIDTH\fR (out_bandwidth) \- \fIbandwidth\fR .RS 4 The outgoing \fIbandwidth\fR of that interface\&. This is the maximum speed your connection can handle\&. It is also the speed you can refer as "full" if you define the tc classes in \m[blue]\fBshorewall\-tcclasses\fR\m[]\&\s-2\u[2]\d\s+2(5)\&. Outgoing traffic above this rate will be dropped\&. .RE .PP \fBOPTIONS\fR \- {\fB\-\fR|\fB{classify\fR|hfsc} ,\&.\&.\&.} .RS 4 \fBclassify\fR \(em When specified, Shorewall will not generate tc or Netfilter rules to classify traffic based on packet marks\&. You must do all classification using CLASSIFY rules in \m[blue]\fBshorewall\-tcrules\fR\m[]\&\s-2\u[3]\d\s+2(5)\&. .sp \fBhfsc\fR \- Shorewall normally uses the Hierarchical Token Bucket queuing discipline\&. When \fBhfsc\fR is specified, the Hierarchical Fair Service Curves discipline is used instead\&. .RE .PP \fBREDIRECTED INTERFACES\fR (redirect)\- [\fIinterface\fR[,\fIinterface\fR]\&.\&.\&.] .RS 4 May only be specified if the interface in the INTERFACE column is an Intermediate Frame Block (IFB) device\&. Causes packets that enter each listed interface to be passed through the egress filters defined for this device, thus providing a form of incoming traffic shaping\&. When this column is non\-empty, the \fBclassify\fR option is assumed\&. .RE .SH "EXAMPLES" .PP Example 1: .RS 4 Suppose you are using PPP over Ethernet (DSL) and ppp0 is the interface for this\&. The device has an outgoing bandwidth of 500kbit and an incoming bandwidth of 6000kbit .sp .if n \{\ .RS 4 .\} .nf #INTERFACE IN\-BANDWIDTH OUT\-BANDWIDTH OPTIONS REDIRECTED # INTERFACES 1:ppp0 6000kbit 500kbit .fi .if n \{\ .RE .\} .RE .SH "FILES" .PP /etc/shorewall/tcdevices .SH "SEE ALSO" .PP \m[blue]\fBhttp://shorewall\&.net/traffic_shaping\&.htm\fR\m[] .PP \m[blue]\fBhttp://shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[] .PP \m[blue]\fBhttp://ace\-host\&.stuart\&.id\&.au/russell/files/tc/doc/estimators\&.txt\fR\m[] .PP shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall_interfaces(5), shorewall\-ipsets(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-rtrules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-secmarks(5), shorewall\-tcclasses(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5) .SH "NOTES" .IP " 1." 4 Shorewall FAQ 97a .RS 4 \%http://www.shorewall.net/FAQ.htm#faq97a .RE .IP " 2." 4 shorewall-tcclasses .RS 4 \%http://www.shorewall.net/manpages/shorewall-tcclasses.html .RE .IP " 3." 4 shorewall-tcrules .RS 4 \%http://www.shorewall.net/manpages/shorewall-tcrules.html .RE