'\" t
.\"     Title: shorewall-tcfilters
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\"      Date: 06/28/2012
.\"    Manual: [FIXME: manual]
.\"    Source: [FIXME: source]
.\"  Language: English
.\"
.TH "SHOREWALL\-TCFILTERS" "5" "06/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tcfilters \- Shorewall u32 classifier rules file
.SH "SYNOPSIS"
.HP \w'\fB/etc/shorewall/tcfilters\fR\ 'u
\fB/etc/shorewall/tcfilters\fR
.SH "DESCRIPTION"
.PP
Entries in this file cause packets to be classified for traffic shaping\&.
.PP
Beginning with Shorewall 4\&.4\&.15, the file may contain entries for both IPv4 and IPv6\&. By default, all rules apply to IPv4 but that can be changed by inserting a line as follows:
.PP
IPV4
.RS 4
Following entries apply to IPv4\&.
.RE
.PP
IPV6
.RS 4
Following entries apply to IPv6\&.
.RE
.PP
ALL
.RS 4
Following entries apply to both IPv4 and IPv6\&. Each entry is processed twice; once for IPv4 and once for IPv6\&.
.RE
.PP
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax)\&.
.PP
\fBCLASS\fR \- \fIinterface\fR\fB:\fR\fIclass\fR
.RS 4
The name or number of an interface defined in \m[blue]\fBshorewall\-tcdevices\fR\m[]\&\s-2\u[1]\d\s+2(5) followed by a \fIclass\fR number defined for that interface in \m[blue]\fBshorewall\-tcclasses\fR\m[]\&\s-2\u[2]\d\s+2(5)\&.
.RE
.PP
\fBSOURCE\fR \- {\fB\-\fR|\fIaddress\fR}
.RS 4
Source of the packet\&. May be a host or network \fIaddress\fR\&. DNS names are not allowed\&.
.RE
.PP
\fBDEST\fR \- {\fB\-\fR|\fIaddress\fR}
.RS 4
Destination of the packet\&. May be a host or network \fIaddress\fR\&. DNS names are not allowed\&.
.sp
You may exclude certain hosts from the set already defined through use of an \fIexclusion\fR (see \m[blue]\fBshorewall\-exclusion\fR\m[]\&\s-2\u[3]\d\s+2(5))\&.
.RE
.PP
\fBPROTO\fR \- {\fB\-\fR|\fIprotocol\-number\fR|\fIprotocol\-name\fR|\fBall\fR}
.RS 4
Protocol\&.
.RE
.PP
\fBDEST PORT\fR (dport) \- [\fB\-\fR|\fIport\-name\-or\-number\fR]
.RS 4
Optional destination port\&. A port name (from services(5)) or a \fIport number\fR; if the protocol is \fBicmp\fR, this column is interpreted as the destination icmp\-type(s)\&.
.RE
.PP
\fBSOURCE PORT\fR (sport) \- [\fB\-\fR|\fIport\-name\-or\-number\fR]
.RS 4
Optional source port\&.
.RE
.PP
\fBTOS\fR (Optional) \- [\fB\-\fR|\fItos\fR]
.RS 4
Specifies the value of the TOS field\&.
The \fItos\fR value can be any of the following:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBtos\-minimize\-delay\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBtos\-maximize\-throughput\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBtos\-maximize\-reliability\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBtos\-minimize\-cost\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBtos\-normal\-service\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIhex\-number\fR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIhex\-number\fR/\fIhex\-number\fR
.RE
.sp
The \fIhex\-number\fRs must be exactly two digits (e\&.g\&., 0x04)\&.
.RE
.PP
\fBLENGTH\fR \- [\fB\-\fR|\fInumber\fR]
.RS 4
Optional \- Must be a power of 2 between 32 and 8192 inclusive\&. Packets with a total length that is strictly less than the specified \fInumber\fR will match the rule\&.
.RE
.SH "EXAMPLE"
.PP
Example 1:
.RS 4
Place all \*(Aqping\*(Aq traffic on interface 1 in class 10\&. Note that ALL cannot be used because IPv4 ICMP and IPv6 ICMP are two different protocols\&.
.sp
.if n \{\
.RS 4
.\}
.nf
#CLASS  SOURCE      DEST        PROTO   DEST
#                                       PORT
IPV4
1:10    0\&.0\&.0\&.0/0   0\&.0\&.0\&.0/0   icmp    echo\-request
1:10    0\&.0\&.0\&.0/0   0\&.0\&.0\&.0/0   icmp    echo\-reply
IPV6
1:10    ::/0        ::/0        icmp6   echo\-request
1:10    ::/0        ::/0        icmp6   echo\-reply
.fi
.if n \{\
.RE
.\}
.RE
.SH "FILES"
.PP
/etc/shorewall/tcfilters
.SH "SEE ALSO"
.PP
\m[blue]\fBhttp://shorewall\&.net/traffic_shaping\&.htm\fR\m[]
.PP
\m[blue]\fBhttp://shorewall\&.net/MultiISP\&.html\fR\m[]
.PP
\m[blue]\fBhttp://shorewall\&.net/PacketMarking\&.html\fR\m[]
.PP
\m[blue]\fBhttp://shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]
.PP
shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-ecn(5), shorewall\-exclusion(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-ipsets(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-rtrules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-secmarks(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5)
.SH "NOTES"
.IP " 1." 4
shorewall-tcdevices
.RS 4
\%http://www.shorewall.net/manpages/shorewall-tcdevices.html
.RE
.IP " 2." 4
shorewall-tcclasses
.RS 4
\%http://www.shorewall.net/manpages/shorewall-tcclasses.html
.RE
.IP " 3." 4
shorewall-exclusion
.RS 4
\%http://www.shorewall.net/manpages/shorewall-exclusion.html
.RE
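.PP
Added example, not part of Shorewall or of the original page: a Python check of tcfilters entries against the column rules stated above (section lines, addresses without DNS names, ICMP under ALL, two digit hex TOS values, LENGTH as a power of 2)\&. The whitespace separated column order, the function names and the sample text are assumptions made for this illustration\&.
.sp
.nf
```python
import ipaddress

# Added example: column order as listed on this page; "-" means unset.
COLS = ["CLASS", "SOURCE", "DEST", "PROTO", "DPORT", "SPORT", "TOS", "LENGTH"]
TOS_NAMES = {"tos-" + n for n in ("minimize-delay", "maximize-throughput",
             "maximize-reliability", "minimize-cost", "normal-service")}
# Constructed sample (not from the page): one clean entry, two with problems.
SAMPLE = """IPV4
1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:20 www.example.com - tcp 80 - 0x4 100
ALL
1:10 - - icmp echo-request
"""

def is_hex2(tok):  # "0x" plus exactly two hex digits, e.g. 0x04
    return (len(tok) == 4 and tok[:2] == "0x"
            and all(c in "0123456789abcdefABCDEF" for c in tok[2:]))

def check_entry(fields, family):  # problems found in one entry of a section
    f, errs = dict(zip(COLS, fields + ["-"] * (len(COLS) - len(fields)))), []
    for col in ("SOURCE", "DEST"):
        tok = f[col]
        if tok == "-" or "!" in tok:  # exclusions are not checked here
            continue
        try:
            ver = ipaddress.ip_network(tok, strict=False).version
        except ValueError:  # for example a DNS name
            errs.append(col + ": not a host or network address: " + tok)
            continue
        if family != "ALL" and ver != int(family[-1]):
            errs.append(col + ": " + tok + " does not belong in an " + family + " section")
    if family == "ALL" and f["PROTO"] in ("icmp", "icmp6"):
        errs.append("PROTO: " + f["PROTO"] + " needs an IPV4 or IPV6 section")
    tos = f["TOS"]
    if tos != "-" and tos not in TOS_NAMES and not all(map(is_hex2, tos.split("/", 1))):
        errs.append("TOS: " + tos + " is neither a tos name nor 0xNN[/0xNN]")
    n = int(f["LENGTH"]) if f["LENGTH"].isdigit() else 0
    if f["LENGTH"] != "-" and not (32 <= n <= 8192 and n & (n - 1) == 0):
        errs.append("LENGTH: " + f["LENGTH"] + " is not a power of 2 from 32 to 8192")
    return errs

def lint(text):  # (line number, message) pairs for tcfilters text
    family, out = "IPV4", []  # rules apply to IPv4 until a section line says otherwise
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 1 and fields[0] in ("IPV4", "IPV6", "ALL"):
            family = fields[0]
        elif fields:
            out += [(no, m) for m in check_entry(fields, family)]
    return out
```
.fi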