Man Linux: Main Page and Category List

NAME

       tcfilters - Shorewall u32 classifier rules file

SYNOPSIS

       /etc/shorewall/tcfilters

DESCRIPTION

       Entries in this file cause packets to be classified for traffic
       shaping.

       The columns in the file are as follows.

       CLASS - interface:class
           The name or number of an interface defined in
           shorewall-tcdevices[1](5) followed by a class number defined for
           that interface in shorewall-tcclasses[2](5).

       SOURCE - {-|address}
           Source of the packet. May be a host or network address. DNS names
           are not allowed.

       DEST - {-|address}}
           Destination of the packet. Comma separated list of IP addresses
           and/or subnets. If your kernel and iptables include iprange match
           support, IP address ranges are also allowed. List elements may also
           consist of an interface name followed by ":" and an address (e.g.,
           eth1:192.168.1.0/24). If the MARK column specificies a
           classification of the form major:minor then this column may also
           contain an interface name.

           You may exclude certain hosts from the set already defined through
           use of an exclusion (see shorewall-exclusion[3](5)).

       PROTO - {-|protocol-number|protocol-name|all}
           Protocol.

       DEST PORT (Optional) - [-|port-name-or-number]
           Destination Ports. A Port name (from services(5)) or a port number;
           if the protocol is icmp, this column is interpreted as the
           destination icmp-type(s).

       SOURCE PORT (Optional) - [-|port-name-or-number]
           Source port.

       TOS (Optional) - [-|tos]
           Specifies the value of the TOS field. The tos value can be any of
           the following:

           ·   tos-minimize-delay

           ·   tos-maximuze-throughput

           ·   tos-maximize-reliability

           ·   tos-minimize-cost

           ·   tos-normal-service

           ·   hex-number

           ·   hex-number/hex-number

           The hex-numbers must be exactly two digits (e.g., 0x04)x.

       LENGTH (Optional) - [-|number]
           Must be a power of 2 between 32 and 8192 inclusive. Packets with a
           total length that is strictly less than the specified number will
           match the rule.

EXAMPLE

       Example 1:
           Place all ICMP echo traffic on interface 1 in class 10.

                      #CLASS    SOURCE    DEST         PROTO   DEST
                      #                                        PORT
                      1:10      0.0.0.0/0 0.0.0.0/0    icmp    echo-request
                      1:10      0.0.0.0/0 0.0.0.0/0    icmp    echo-reply

FILES

       /etc/shorewall/tcfilters

SEE ALSO

       http://shorewall.net/traffic_shaping.htm

       http://shorewall.net/MultiISP.html

       http://shorewall.net/PacketMarking.html

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
       shorewall-tcdevices(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

        1. shorewall-tcdevices
           http://www.shorewall.net/manpages/shorewall-tcdevices.html

        2. shorewall-tcclasses
           http://www.shorewall.net/manpages/shorewall-tcclasses.html

        3. shorewall-exclusion
           http://www.shorewall.net/manpages/shorewall-exclusion.html

[FIXME: source]                   06/17/2010