tcinterfaces - Shorewall file
This file lists the interfaces that are subject to simple traffic
shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple
A note on the bandwidth definition used in this file:
· don't use a space between the integer value and the unit: 30kbit is
valid while 30 kbit is not.
· you can use one of the following units:
Kilobytes per second.
Megabytes per second.
Kilobits per second.
Megabits per second.
bps or number
Bytes per second.
· Only whole integers are allowed.
The columns in the file are as follows.
The logical name of an interface. If you run both IPv4 and IPv6
Shorewall firewalls, a given interface should only be listed in one
of the two configurations.
TYPE - [external|internal]
Optional. If given specifies whether the interface is external
(facing toward the Internet) or internal (facing toward a local
network) and enables SFQ flow classification.
Simple traffic shaping is only useful on interfaces where
queuing occurs. As a consequence, internal interfaces seldom
benefit from simple traffic shaping. VPN interfaces are an
exception because the encapsulated packets are later
transferred over a slower external link.
IN-BANDWIDTH - [rate]
Optional. If specified, enables ingress policing on the interface.
If incoming traffic exceeds the given rate, received packets are
dropped randomly. With some DSL and Cable links, large queues can
build up in the ISP's gateway router. While this insures maximum
throughput, it kills interactive response time. By setting
IN-BANDWIDTH, you can eliminate these queues.
To pick an appropriate setting, we recommend that you start by
setting it significantly below your measured download bandwidth
(20% or so). While downloading, measure the ping response time from
the firewall to the upstream router as you gradually increase the
setting.The optimal setting is at the point beyond which the ping
time increases sharply as you increase the setting.
shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
shorewall-rules(5), shorewall.conf(5), shorewall-tcpri(5),
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
[FIXME: source] 06/17/2010 SHOREWALL-TCINTERFA(5)