mirror of https://gitlab.com/shorewall/code.git synced 2025-01-01 19:19:10 +01:00

Complete Shared TC documentation

This commit is contained in:
Tom Eastep 2010-11-14 14:48:16 -08:00
parent a4bff9a2fa
commit c9737930a2
3 changed files with 76 additions and 3 deletions

View File

@ -1278,6 +1278,58 @@ SAVE 0.0.0.0/0 0.0.0.0/0 all - - -
/sbin/shorewall refresh</programlisting>
</section>
<section>
<title>Sharing a TC configuration between Shorewall and
Shorewall6</title>
<para>Beginning with Shorewall 4.4.15, the traffic-shaping configuration
in the tcdevices, tcclasses and tcfilters files can be shared between
Shorewall and Shorewall6. Only one of the products can control the
configuration but the other can configure CLASSIFY rules in its own
tcrules file that refer to the shared classes.</para>
<para>To defined the configuration in Shorewall and shared it with
Shorewall6:</para>
<itemizedlist>
<listitem>
<para>Set TC_ENABLED=Internal in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink>
(5).</para>
</listitem>
<listitem>
<para>Set TC_ENABLED=SHARED in <ulink
url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink>
(5).</para>
</listitem>
<listitem>
<para>Create symbolic links from /etc/shorewall6 to
/etc/shorewall/tcdevices and /etc/shorewall/tcclasses:</para>
<programlisting>ln -s ../shorewall/tcdevices /etc/shorewall6/tcdevices
ln -s ../shorewall/tcclasses /etc/shorewall6/tcclasses</programlisting>
</listitem>
<listitem>
<para>If you need to define IPv6 tcfilter entries, do so in
/etc/shorewall/tcfilters. That file now allows entries that apply to
IPv6.</para>
</listitem>
</itemizedlist>
<para>Shorewall6 compilations to have access to the tcdevices and
tcclasses files although it will create no output. That access allows
CLASSIFY rules in /etc/shorewall6/tcrules to be validated against the TC
configuration.</para>
<para>In this configuration, it is Shorewall that controls TC
configuration (except for IPv6 tcrules). You can reverse the settings in
the files if you want to control the configuration using
Shorewall6.</para>
</section>
<section id="perIP">
<title>Per-IP Traffic Shaping</title>
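Review bot: The second list item writes the value as TC_ENABLED=SHARED, but the shorewall6.conf text in this same commit documents it as "Shared or shared"; use one of the documented spellings here so a reader who copies the line gets a value the manpage says is accepted. Two sentences in the new section also need a grammar pass: "To defined the configuration in Shorewall and shared it with" should read "To define ... and share it with", and "Shorewall6 compilations to have access to the tcdevices and tcclasses files" is missing its verb. The opening paragraph lists tcfilters among the shared files while the symlink step covers only tcdevices and tcclasses, so it would help to say at that step that tcfilters is not linked and stays in /etc/shorewall.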

View File

@ -1645,7 +1645,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
role="bold">Yes</emphasis>|<emphasis
role="bold">No</emphasis>|<emphasis
role="bold">Internal</emphasis>|<emphasis
role="bold">Simple</emphasis>]</term>
role="bold">Simple</emphasis>|Shared]</term>
<listitem>
<para>If you say <emphasis role="bold">Yes</emphasis> or <emphasis
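Review bot: In the changed term line, Shared is appended as bare text after the closing emphasis tag ("Simple</emphasis>|Shared]"), so it will render unbolded next to Yes, No, Internal and Simple. Wrap it in its own emphasis role="bold" element like the other alternatives, and keep the markup consistent with the TC_ENABLED term in the shorewall6.conf page.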
@ -1667,6 +1667,16 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>If you set TC_ENABLED=Internal or internal or leave the option
empty then Shorewall will use its builtin traffic shaper
(tc4shorewall written by Arne Bernin.</para>
<para>Beginning with Shorewall 4.4.15, you can set
TC_ENABLED=Shared. This allows you to configure the tcdevices and
tcclasses in your Shorewall6 configuration yet make them available
to the compiler when compiling your Shorewall configuration. In
addition to setting TC_ENABLED=Shared, you need to create symbolic
links from your Shorewall configuration directory (normally
/etc/shorewall/) to the tcdevices and tcclasses files in your
Shorewall6 configuration directory (normally
/etc/shorewall6/).</para>
</listitem>
</varlistentry>
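Review bot: The added paragraph does not say which TC_ENABLED value the Shorewall6 side needs when Shorewall is set to Shared, and the shorewall6.conf text only covers the opposite pairing (Internal in shorewall.conf). State here that shorewall6.conf must then have TC_ENABLED=Internal, or link to the new "Sharing a TC configuration" section. The preceding paragraph says "Internal or internal" and the shorewall6.conf page says "Shared or shared", while this paragraph mentions only "Shared"; say whether the lowercase form is accepted. The context line "(tc4shorewall written by Arne Bernin." is also missing its closing parenthesis and could be fixed in the same change.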

View File

@ -1351,7 +1351,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<term><emphasis role="bold">TC_ENABLED=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis
role="bold">No</emphasis>|<emphasis
role="bold">Internal</emphasis>]</term>
role="bold">Internal|Shared</emphasis>]</term>
<listitem>
<para>If you say <emphasis role="bold">Yes</emphasis> or <emphasis
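Review bot: The changed term line puts the separator inside the bold element ("Internal|Shared</emphasis>"), so the pipe is rendered bold and the two values read as one token, unlike Yes and No where the pipe sits between separate emphasis elements. Close the emphasis after Internal and give Shared its own emphasis role="bold" element, matching whatever markup is settled on for the same term in shorewall.conf.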
@ -1368,11 +1368,22 @@ net all DROP info</programlisting>then the chain name is 'net2all'
empty then Shorewall6 will use its builtin traffic shaper
(tc4shorewall6 written by Arne Bernin.</para>
<para>Beginning with Shorewall 4.4.15, if you set TC_ENABLED=Shared
or shared, then you should create symbolic links from your
Shorewall6 configuration directory (normally
<filename>/etc/shorewall6/</filename>) to your Shorewall
<filename>tcdevices</filename> and <filename>tcclasses</filename>
files. This allows the compiler to have access to your Shorewall
traffic shaping configuration so that it can validate CLASSIFY rules
in <ulink url="shorewall-tcrules.html">shorewall6-tcrules</ulink>
(5).</para>
<warning>
<para>If you also run Shorewall and if you have
TC_ENABLED=Internal in your <ulink
url="../manpages/shorewall.conf.html">shorewall-conf</ulink>(5),
then you will want TC_ENABLED=No in this file.</para>
then you will want TC_ENABLED=No or TC_ENABLED=Shared in this
file.</para>
</warning>
</listitem>
</varlistentry>
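Review bot: The new ulink labels its target shorewall6-tcrules but its url attribute is "shorewall-tcrules.html", which looks like the Shorewall (IPv4) manpage name; check whether it should be "shorewall6-tcrules.html" so the link lands on the page the text names. In the warning, the text now offers "TC_ENABLED=No or TC_ENABLED=Shared" without saying when to pick which; one clause noting that Shared is the choice when CLASSIFY rules in the Shorewall6 tcrules file need to be validated against the Shorewall classes would make it actionable. The context line "(tc4shorewall6 written by Arne Bernin." is missing its closing parenthesis.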