Provided by: shorewall_4.4.26.1-1_all bug


       tcfilters - Shorewall u32 classifier rules file




       Entries in this file cause packets to be classified for traffic shaping.

       Beginning with Shorewall 4.4.15, the file may contain entries for both IPv4 and IPv6. By
       default, all rules apply to IPv4 but that can be changed by inserting a line as follows:

           Following entriess apply to IPv4.

           Following entries apply to IPv6

           Following entries apply to both IPv4 and IPv6. Each entry is processed twice; once for
           IPv4 and once for IPv6.

       The columns in the file are as follows (where the column name is followed by a different
       name in parentheses, the different name is used in the alternate specification syntax).

       CLASS - interface:class
           The name or number of an interface defined in shorewall-tcdevices[1](5) followed by a
           class number defined for that interface in shorewall-tcclasses[2](5).

       SOURCE - {-|address}
           Source of the packet. May be a host or network address. DNS names are not allowed.

       DEST - {-|address}}
           Destination of the packet. May be a host or network address. DNS names are not

           You may exclude certain hosts from the set already defined through use of an exclusion
           (see shorewall-exclusion[3](5)).

       PROTO - {-|protocol-number|protocol-name|all}

       DEST PORT (dport) - [-|port-name-or-number]
           Optional destination Ports. A Port name (from services(5)) or a port number; if the
           protocol is icmp, this column is interpreted as the destination icmp-type(s).

       SOURCE PORT (sport) - [-|port-name-or-number]
           Optional source port.

       TOS (Optional) - [-|tos]
           Specifies the value of the TOS field. The tos value can be any of the following:

           ·   tos-minimize-delay

           ·   tos-maximuze-throughput

           ·   tos-maximize-reliability

           ·   tos-minimize-cost

           ·   tos-normal-service

           ·   hex-number

           ·   hex-number/hex-number

           The hex-numbers must be exactly two digits (e.g., 0x04)x.

       LENGTH - [-|number]
           Optional - Must be a power of 2 between 32 and 8192 inclusive. Packets with a total
           length that is strictly less than the specified number will match the rule.


       Example 1:
           Place all 'ping' traffic on interface 1 in class 10. Note that ALL cannot be used
           because IPv4 ICMP and IPv6 ICMP are two different protocols.

                      #CLASS    SOURCE    DEST         PROTO   DEST
                      #                                        PORT


                      1:10    icmp    echo-request
                      1:10    icmp    echo-reply


                      1:10      ::/0      ::/0         icmp6   echo-request
                      1:10      ::/0      ::/0         icmp6   echo-reply




       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5),
       shorewall-ecn(5), shorewall-exclusion(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
       shorewall-proxyarp(5), shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5),
       shorewall-tcdevices(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)


        1. shorewall-tcdevices

        2. shorewall-tcclasses

        3. shorewall-exclusion

[FIXME: source]                             12/13/2011                     SHOREWALL-TCFILTERS(5)