shorewall-tcfilters(5)

NAME

tcfilters - Shorewall u32 classifier rules file

/etc/shorewall/tcfilters

Entries in this file cause packets to be classified for traffic
shaping.

The columns in the file are as follows.

CLASS - interface:class: The name or number of an interface defined in
shorewall-tcdevices[1](5) followed by a class number defined for that interface in shorewall-tcclasses[2](5).
SOURCE - {-|address}: Source of the packet. May be a host or network address. DNS names are not allowed.
DEST - {-|address}}: Destination of the packet. Comma separated list of IP addresses
and/or subnets. If your kernel and iptables include iprange match
support, IP address ranges are also allowed. List elements may also consist of an interface name followed by ":" and an address (e.g., eth1:192.168.1.0/24). If the MARK column specificies a
classification of the form major:minor then this column may also contain an interface name.; You may exclude certain hosts from the set already defined through use of an exclusion (see shorewall-exclusion[3](5)).
PROTO - {-|protocol-number|protocol-name|all}: Protocol.
DEST PORT (Optional) - [-|port-name-or-number]: Destination Ports. A Port name (from services(5)) or a port number;
if the protocol is icmp, this column is interpreted as the destination icmp-type(s).
SOURCE PORT (Optional) - [-|port-name-or-number]: Source port.

Example 1:: Place all ICMP echo traffic on interface 1 in class 10.

#CLASS SOURCE DEST PROTO DEST
# PORT
1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply

/etc/shorewall/tcfilters

1. shorewall-tcdevices: shorewall-tcdevices.html; 2. shorewall-tcclasses
shorewall-tcclasses.html; 3. shorewall-exclusion
shorewall-exclusion.html