diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml
index 8164511c1..c2885b417 100644
--- a/docs/traffic_shaping.xml
+++ b/docs/traffic_shaping.xml
@@ -21,7 +21,7 @@
- 2006-02-27
+ 2006-03-15
2001-2006
@@ -413,14 +413,41 @@ ppp0 6000kbit 500kbit
- MARK - Specifies the mark value is to be assigned in case of a
- match. This is an integer in the range 1-255. This value may be
- optionally followed by :
and either F
- or P
to designate that the marking will occur in the
- FORWARD or PREROUTING chains respectively. If this additional
- specification is omitted, the chain used to mark packets will be
- determined by the setting of the MARK_IN_FORWARD_CHAIN option in
- shorewall.conf.
+ MARK or CLASSIFY - MARK specifies the mark value is to be
+ assigned in case of a match. This is an integer in the range 1-255.
+ This value may be optionally followed by :
and either
+ F
or P
to designate that the marking
+ will occur in the FORWARD or PREROUTING chains respectively. If this
+ additional specification is omitted, the chain used to mark packets
+ will be determined by the setting of the MARK_IN_FORWARD_CHAIN
+ option in shorewall.conf.
+
+ To use CLASSIFY, your kernel and iptables must include
+ CLASSIFY target support. In that case, this column contains a
+ classification (classid) of the form <major>:<minor>
+ where <major> and <minor> are integers. Corresponds to
+ the 'class' specification in these traffic shaping modules:
+
+
+ atm
+
+ cbq
+
+ dsmark
+
+ pfifo_fast
+
+ htb
+
+ prio
+
+
+ Classify always occurs in the POSTROUTING chain. When used
+ with the builtin traffic shaper, the <major> class is the
+ device number (the first entry in
+ /etc/shorewall/tcdevices is device 1, the
+ second is device 2 and so on) and the <minor> class is the
+ MARK value of the class + 100.
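Review bot: The added CLASSIFY text does not say what happens to the optional :F or :P suffix described for MARK just above it; since the new paragraph states that classification always occurs in the POSTROUTING chain, say explicitly that the suffix does not apply to a classid entry. The sentence beginning "Corresponds to the 'class' specification" has no subject, and "Classify always occurs" should be written CLASSIFY to match the rest of the paragraph. The last sentence would be easier to follow with one worked value, for instance that mark 10 on the first device in /etc/shorewall/tcdevices gives 1:110, which is the value the example added later in this patch uses.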
@@ -484,7 +511,7 @@ ppp0 6000kbit 500kbit
packets arriving on eth2 and eth3 should be marked with 2. All packets
originating on the firewall itself should be marked with 3.
- #MARK SOURCE DESTINATION PROTOCOL USER/GROUP
+ #MARK SOURCE DESTINATION PROTOCOL PORT(S)
1 eth1 0.0.0.0/0 all
2 eth2 0.0.0.0/0 all
2 eth3 0.0.0.0/0 all
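Review bot: The replacement header on the #MARK line stops at PORT(S), while the last example added by this patch uses a header that continues with CLIENT PORT(S), so the examples in one document now show different column sets. Use the same full header in every example so column positions are unambiguous, and if USER/GROUP is still a valid column, keep it in the header instead of dropping it.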
@@ -497,19 +524,32 @@ ppp0 6000kbit 500kbit
All GRE (protocol 47) packets not originating on the firewall
and destined for 155.186.235.151 should be marked with 12.
- #MARK SOURCE DESTINATION PROTOCOL USER/GROUP
+ #MARK SOURCE DESTINATION PROTOCOL PORT(S)
12 0.0.0.0/0 155.182.235.151 47
- All SSH packets originating in 192.168.1.0/24 and destined for
- 155.186.235.151 should be marked with 22.
+ All SSH request packets originating in 192.168.1.0/24 and
+ destined for 155.186.235.151 should be marked with 22.
- #MARK SOURCE DESTINATION PROTOCOL USER/GROUP
+ #MARK SOURCE DESTINATION PROTOCOL PORT(S)
22 192.168.1.0/24 155.182.235.151 tcp 22
+
+
+
+
+ All SSH packets packets going out of the first device in in
+ /etc/shorewall/tcdevices should be assigned to the class with mark
+ value 10.
+
+ #MARK SOURCE DESTINATION PROTOCOL PORT(S) CLIENT
+# PORT(S)
+1:110 0.0.0.0/0 0.0.0.0/0 tcp 22
+1:110 0.0.0.0/0 0.0.0.0/0 tcp - 22
+
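Review bot: The rewritten SSH paragraph still names 155.186.235.151 while the example row under it uses 155.182.235.151, and the GRE example just above has the same mismatch; since these lines are being touched anyway, make the prose and the rows agree. In the new final example, "All SSH packets packets going out of the first device in in" repeats two words. That example would also benefit from a sentence explaining why there are two 1:110 rows: the first matches destination port 22 and the second, with "-" in PORT(S), matches source port 22 in the CLIENT PORT(S) column, which is how it differs from the "SSH request packets" example before it.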