Provided by: shorewall_4.4.6-1_all bug

NAME

       tcinterfaces - Shorewall file

SYNOPSIS

       /etc/shorewall/tcinterfaces

DESCRIPTION

       This file lists the interfaces that are subject to simple traffic
       shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple
       in shorewall.conf[1](5).

       The columns in the file are as follows.

       INTERFACE
           The logical name of an interface. If you run both IPv4 and IPv6
           Shorewall firewalls, a given interface should only be listed in one
           of the two configurations.

       TYPE - [external|internal]
           Optional. If given specifies whether the interface is external
           (facing toward the Internet) or internal (facing toward a local
           network) and enables SFQ flow classification.

           Note
           Simple traffic shaping is only useful on interfaces where queuing
           occurs. As a consequence, internal interfaces seldom benefit from
           simple traffic shaping. VPN interfaces are an exception because the
           encapsulated packets are later transferred over a slower external
           link.

       IN-BANDWIDTH - [rate]
           Optional. If specified, enables ingress policing on the interface.
           If incoming traffic exceeds the given rate, received packets are
           dropped randomly. With some DSL and Cable links, large queues can
           build up in the ISPĀ“s gateway router. While this insures maximum
           throughput, it kills interactive response time. By setting
           IN-BANDWIDTH, you can eliminate these queues.

           To pick an appropriate setting, we recommend that you start by
           setting it significantly below your measured download bandwidth
           (20% or so). While downloading, measure the ping response time from
           the firewall to the upstream router as you gradually increase the
           setting.The optimal setting is at the point beyond which the ping
           time increases sharply as you increase the setting.

FILES

       /etc/shorewall/tcinterfaces.

SEE ALSO

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcpri(5),
       shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

        1. shorewall.conf
           shorewall.conf.html

                                  01/14/2010            SHOREWALL-TCINTERFA(5)