
tcfilters — Shorewall u32 classifier rules file




Entries in this file cause packets to be classified for traffic shaping.

The columns in the file are as follows.

CLASS - interface:class

The name or number of an interface defined in shorewall-tcdevices(5) followed by a class number defined for that interface in shorewall-tcclasses(5).

SOURCE - {-|address}

Source of the packet. May be a host or network address. DNS names are not allowed.

DEST - {-|address}

Destination of the packet. Comma-separated list of IP addresses and/or subnets. If your kernel and iptables include iprange match support, IP address ranges are also allowed. List elements may also consist of an interface name followed by ":" and an address (e.g., eth1: If the MARK column specifies a classification of the form major:minor then this column may also contain an interface name.

You may exclude certain hosts from the set already defined through use of an exclusion (see shorewall-exclusion(5)).

PROTO - {-|protocol-number|protocol-name|all}


DEST PORT (Optional) - [-|port-name-or-number]

Destination ports. A port name (from services(5)) or a port number; if the protocol is icmp, this column is interpreted as the destination icmp-type(s).

SOURCE PORT (Optional) - [-|port-name-or-number]

Source port.

TOS (Optional) - [-|tos]

Specifies the value of the TOS field. The tos value can be any of the following:

  • tos-minimize-delay

  • tos-maximize-throughput

  • tos-maximize-reliability

  • tos-minimize-cost

  • tos-normal-service

  • hex-number

  • hex-number/hex-number

The hex-numbers must be exactly two digits (e.g., 0x04).

LENGTH (Optional) - [-|number]

Must be a power of 2 between 32 and 8192 inclusive. Packets with a total length that is strictly less than the specified number will match the rule.


Example 1:

Place all ICMP echo traffic on interface 1 in class 10.

       #CLASS    SOURCE    DEST         PROTO   DEST
       #                                        PORT
       1:10      -         -            icmp    echo-request
       1:10      -         -            icmp    echo-reply
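
The column rules above (SOURCE must be an address rather than a DNS name, TOS hex values must have exactly two digits, LENGTH must be a power of 2 between 32 and 8192) can be checked before a file is deployed. The following linter is an added example, not part of Shorewall; the function names, the CLASS pattern, the treatment of omitted trailing columns as "-" and the sample entries are assumptions made for illustration, and DEST, PROTO and the port columns are not checked.

```python
import ipaddress
import re

COLUMNS = ["CLASS", "SOURCE", "DEST", "PROTO", "DEST PORT", "SOURCE PORT", "TOS", "LENGTH"]
TOS_NAMES = {"tos-minimize-delay", "tos-maximize-throughput", "tos-maximize-reliability",
             "tos-minimize-cost", "tos-normal-service"}
TOS_HEX = re.compile(r"0x[0-9a-fA-F]{2}(/0x[0-9a-fA-F]{2})?")  # exactly two hex digits
CLASS_RE = re.compile(r"[\w.-]+:\d+")  # assumption: interface name or number, ':', decimal class

def lint_line(line):
    """Return the list of problems found in one tcfilters entry ([] means OK)."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return []  # blank line or comment
    if len(fields) > len(COLUMNS):
        return ["more columns than the file defines"]
    # Assumption: trailing columns that are left out are treated like "-".
    row = dict(zip(COLUMNS, fields + ["-"] * (len(COLUMNS) - len(fields))))
    problems = []
    if not CLASS_RE.fullmatch(row["CLASS"]):
        problems.append("CLASS must be interface:class")
    if row["SOURCE"] != "-":
        try:
            ipaddress.ip_network(row["SOURCE"], strict=False)
        except ValueError:
            problems.append("SOURCE must be a host or network address, not a DNS name")
    tos = row["TOS"]
    if tos != "-" and tos not in TOS_NAMES and not TOS_HEX.fullmatch(tos):
        problems.append("TOS must be a tos-* name or two-digit hex, e.g. 0x04")
    length = row["LENGTH"]
    if length != "-":
        n = int(length) if re.fullmatch(r"\d+", length) else 0
        if not (32 <= n <= 8192 and n & (n - 1) == 0):
            problems.append("LENGTH must be a power of 2 between 32 and 8192")
    return problems

def lint(text):
    """Map 1-based line number -> problems, for lines that have any."""
    checked = ((n, lint_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return {n: p for n, p in checked if p}

# Constructed sample input; the last entry breaks three of the rules above.
SAMPLE = """\
#CLASS  SOURCE           DEST  PROTO  DEST-PORT  SOURCE-PORT  TOS  LENGTH
1:10    -                -     icmp   echo-request
1:20    10.0.0.0/8       -     tcp    22  -  tos-minimize-delay  64
1:20    www.example.com  -     tcp    80  -  0x4                 100
"""
```

Calling lint(SAMPLE) reports only line 4, with one problem each for SOURCE, TOS and LENGTH.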




shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)