2009-12-26 21:40:16 +01:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
|
|
|
|
<refentry>
|
|
|
|
<refmeta>
|
|
|
|
<refentrytitle>shorewall-tcpri</refentrytitle>
|
|
|
|
|
|
|
|
<manvolnum>5</manvolnum>
|
|
|
|
</refmeta>
|
|
|
|
|
|
|
|
<refnamediv>
|
|
|
|
<refname>tcpri</refname>
|
|
|
|
|
|
|
|
<refpurpose>Shorewall file</refpurpose>
|
|
|
|
</refnamediv>
|
|
|
|
|
|
|
|
<refsynopsisdiv>
|
|
|
|
<cmdsynopsis>
|
|
|
|
<command>/etc/shorewall/tcpri</command>
|
|
|
|
</cmdsynopsis>
|
|
|
|
</refsynopsisdiv>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Description</title>
|
|
|
|
|
|
|
|
<para>This file is used to specify the priority of traffic for simple
|
|
|
|
traffic shaping (TC_ENABLED=Simple in <ulink
|
|
|
|
url="shorewall.conf.html">shorewall.conf</ulink>(5)). The priority band of
|
|
|
|
each packet is determined by the <emphasis role="bold">last</emphasis>
|
|
|
|
entry that the packet matches. If a packet doesn't match any entry in this
|
|
|
|
file, then its priority will be determined by its TOS field. The default
|
|
|
|
mapping is as follows but can be changed by setting the TC_PRIOMAP option
|
|
|
|
in <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
|
|
|
|
|
|
|
<programlisting>TOS Bits Means Linux Priority BAND
|
|
|
|
------------------------------------------------------------
|
|
|
|
0x0 0 Normal Service 0 Best Effort 2
|
|
|
|
0x2 1 Minimize Monetary Cost 1 Filler 3
|
|
|
|
0x4 2 Maximize Reliability 0 Best Effort 2
|
|
|
|
0x6 3 mmc+mr 0 Best Effort 2
|
|
|
|
0x8 4 Maximize Throughput 2 Bulk 3
|
|
|
|
0xa 5 mmc+mt 2 Bulk 3
|
|
|
|
0xc 6 mr+mt 2 Bulk 3
|
|
|
|
0xe 7 mmc+mr+mt 2 Bulk 3
|
|
|
|
0x10 8 Minimize Delay 6 Interactive 1
|
|
|
|
0x12 9 mmc+md 6 Interactive 1
|
|
|
|
0x14 10 mr+md 6 Interactive 1
|
|
|
|
0x16 11 mmc+mr+md 6 Interactive 1
|
|
|
|
0x18 12 mt+md 4 Int. Bulk 2
|
|
|
|
0x1a 13 mmc+mt+md 4 Int. Bulk 2
|
|
|
|
0x1c 14 mr+mt+md 4 Int. Bulk 2
|
|
|
|
0x1e 15 mmc+mr+mt+md 4 Int. Bulk 2</programlisting>
|
|
|
|
|
|
|
|
<para>The columns in the file are as follows.</para>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
|
|
<term><emphasis role="bold">BAND</emphasis> - {<emphasis
|
|
|
|
role="bold">1</emphasis>|<emphasis role="bold">2</emphasis>|<emphasis
|
|
|
|
role="bold">3</emphasis>}</term>
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
<para>Classifies matching traffic as High Priority (1), Medium
|
|
|
|
Priority (2) or Low Priority (3). For those interfaces listed in
|
|
|
|
<ulink
|
|
|
|
url="shorewall-tcinterfaces.html">shorewall-tcinterfaces</ulink>(5),
|
|
|
|
Priority 2 traffic will be deferred so long and there is Priority 1
|
|
|
|
traffic queued and Priority 3 traffic will be deferred so long as
|
|
|
|
there is Priority 1 or Priority 2 traffic to send.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><emphasis role="bold">PROTO</emphasis> -
|
|
|
|
<replaceable>protocol</replaceable></term>
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
<para>Optional. The name or number of an IPv4
|
|
|
|
<replaceable>protocol</replaceable>.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>PORT(S) - <replaceable>port</replaceable> [,...]</term>
|
|
|
|
|
|
|
|
<listitem>
|
2010-03-16 17:42:50 +01:00
|
|
|
<para>Optional. May only be given if the the PROTO is TCP (6), UDP
|
|
|
|
(17), DCCP (33), SCTP (132) or UDPLITE (136). A list of one or more
|
|
|
|
port numbers or service names from /etc/services. Port ranges of the
|
|
|
|
form
|
2009-12-26 21:40:16 +01:00
|
|
|
<replaceable>lowport</replaceable>:<replaceable>highport</replaceable>
|
|
|
|
may also be included.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>ADDRESS - [<replaceable>address</replaceable>]</term>
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
<para>Optional. The IP or MAC address that the traffic originated
|
|
|
|
from. MAC addresses must be given in Shorewall format. If this
|
|
|
|
column contains an address, then the PROTO, PORT(S) and INTERFACE
|
|
|
|
column must be empty ("-").</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>INTERFACE - [<replaceable>interface</replaceable>]</term>
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
<para>Optional. The logical name of an
|
|
|
|
<replaceable>interface</replaceable> that traffic arrives from. If
|
|
|
|
given, the PROTO, PORT(S) and ADDRESS columns must be empty
|
|
|
|
("-").</para>
|
|
|
|
|
|
|
|
<note>
|
|
|
|
<para>INTERFACE classification of packets occurs before
|
|
|
|
classification by PROTO/PORT(S)/ADDRESS. So it is highly
|
|
|
|
recommended to place entries that specify INTERFACE at the top of
|
|
|
|
the file so that the rule about <emphasis>last entry
|
|
|
|
matches</emphasis> is preserved.</para>
|
|
|
|
</note>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><emphasis role="bold">HELPER</emphasis> -
|
|
|
|
[<replaceable>helper</replaceable>]</term>
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
<para>Optional. Names a Netfiler protocol helper module such as ftp,
|
|
|
|
sip, amanda, etc. A packet will match if it was accepted by the
|
|
|
|
named helper module. You can also append "-" and a port number to
|
|
|
|
the helper module name (e.g., ftp-21) to specify the port number
|
|
|
|
that the original connection was made on.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>FILES</title>
|
|
|
|
|
|
|
|
<para>/etc/shorewall/tcpri</para>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>See ALSO</title>
|
|
|
|
|
2011-09-26 19:16:52 +02:00
|
|
|
<para><ulink
|
|
|
|
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
|
|
|
|
|
|
|
|
<para>prio(8), shorewall(8), shorewall-accounting(5),
|
2009-12-26 21:40:16 +01:00
|
|
|
shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5),
|
2011-09-26 19:16:52 +02:00
|
|
|
shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5),
|
|
|
|
shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
|
|
|
|
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
|
2012-01-09 16:19:10 +01:00
|
|
|
shorewall-proxyarp(5), shorewall-rtrules(5),
|
2011-09-26 19:16:52 +02:00
|
|
|
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
|
|
|
|
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
|
2010-07-19 23:45:05 +02:00
|
|
|
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
|
|
|
|
shorewall-zones(5)</para>
|
2009-12-26 21:40:16 +01:00
|
|
|
</refsect1>
|
|
|
|
</refentry>
|