Provided by: shorewall_4.4.26.1-1_all bug

NAME

       tcfilters - Shorewall u32 classifier rules file

SYNOPSIS

       /etc/shorewall/tcfilters

DESCRIPTION

       Entries in this file cause packets to be classified for traffic
       shaping.

       Beginning with Shorewall 4.4.15, the file may contain entries for both
       IPv4 and IPv6. By default, all rules apply to IPv4 but that can be
       changed by inserting a line as follows:

       IPV4
           Following entriess apply to IPv4.

       IPV6
           Following entries apply to IPv6

       ALL
           Following entries apply to both IPv4 and IPv6. Each entry is
           processed twice; once for IPv4 and once for IPv6.

       The columns in the file are as follows (where the column name is
       followed by a different name in parentheses, the different name is used
       in the alternate specification syntax).

       CLASS - interface:class
           The name or number of an interface defined in
           shorewall-tcdevices[1](5) followed by a class number defined for
           that interface in shorewall-tcclasses[2](5).

       SOURCE - {-|address}
           Source of the packet. May be a host or network address. DNS names
           are not allowed.

       DEST - {-|address}}
           Destination of the packet. May be a host or network address. DNS
           names are not allowed.

           You may exclude certain hosts from the set already defined through
           use of an exclusion (see shorewall-exclusion[3](5)).

       PROTO - {-|protocol-number|protocol-name|all}
           Protocol.

       DEST PORT (dport) - [-|port-name-or-number]
           Optional destination Ports. A Port name (from services(5)) or a
           port number; if the protocol is icmp, this column is interpreted as
           the destination icmp-type(s).

       SOURCE PORT (sport) - [-|port-name-or-number]
           Optional source port.

       TOS (Optional) - [-|tos]
           Specifies the value of the TOS field. The tos value can be any of
           the following:

           o   tos-minimize-delay

           o   tos-maximuze-throughput

           o   tos-maximize-reliability

           o   tos-minimize-cost

           o   tos-normal-service

           o   hex-number

           o   hex-number/hex-number

           The hex-numbers must be exactly two digits (e.g., 0x04)x.

       LENGTH - [-|number]
           Optional - Must be a power of 2 between 32 and 8192 inclusive.
           Packets with a total length that is strictly less than the
           specified number will match the rule.

EXAMPLE

       Example 1:
           Place all 'ping' traffic on interface 1 in class 10. Note that ALL
           cannot be used because IPv4 ICMP and IPv6 ICMP are two different
           protocols.

                      #CLASS    SOURCE    DEST         PROTO   DEST
                      #                                        PORT

                      IPV4

                      1:10      0.0.0.0/0 0.0.0.0/0    icmp    echo-request
                      1:10      0.0.0.0/0 0.0.0.0/0    icmp    echo-reply

                      IPV6

                      1:10      ::/0      ::/0         icmp6   echo-request
                      1:10      ::/0      ::/0         icmp6   echo-reply

FILES

       /etc/shorewall/tcfilters

SEE ALSO

       http://shorewall.net/traffic_shaping.htm

       http://shorewall.net/MultiISP.html

       http://shorewall.net/PacketMarking.html

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),
       shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES

        1. shorewall-tcdevices
           http://www.shorewall.net/manpages/shorewall-tcdevices.html

        2. shorewall-tcclasses
           http://www.shorewall.net/manpages/shorewall-tcclasses.html

        3. shorewall-exclusion
           http://www.shorewall.net/manpages/shorewall-exclusion.html

[FIXME: source]                   12/13/2011            SHOREWALL-TCFILTERS(5)