mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-22 05:28:59 +01:00
a03a65e770
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3461 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
194 lines
6.9 KiB
Plaintext
194 lines
6.9 KiB
Plaintext
#
|
|
# Shorewall version 3.2 - Tcclasses File
|
|
#
|
|
# Based on tc4shorewall version 0.5 by Arne Bernin
|
|
#
|
|
# /etc/shorewall/tcclasses
|
|
#
|
|
# Define the classes used for traffic shaping in this file.
|
|
#
|
|
# A note on the rate/bandwidth definitions used in this file:
|
|
#
|
|
# - don't use a space between the integer value and
|
|
# the unit: 30kbit is valid while 30 kbit is NOT.
|
|
#
|
|
# - you can use one of the following units:
|
|
#
|
|
# kbps Kilobytes per second
|
|
# mbps Megabytes per second
|
|
# kbit Kilobits per second
|
|
# mbit Megabits per second
|
|
# bps or a
|
|
# bare number Bytes per second
|
|
#
|
|
# - if you want the values to be calculated for you depending
|
|
# on the output bandwidth setting defined for an interface
|
|
# in tcdevices, you can use expressions like the following:
|
|
#
|
|
# full/3 causes the bandwidth to be calculated
|
|
# as 3 of the the full outgoing
|
|
# speed that is defined.
|
|
#
|
|
# full*9/10 will set this bandwidth to 9/10 of
|
|
# the full bandwidth
|
|
#
|
|
# DO NOT add a unit to the rate if it is calculated !
|
|
#
|
|
# Columns are:
|
|
#
|
|
# INTERFACE Name of interface. Each interface may be listed only
|
|
# once in this file. You may NOT specify the name of
|
|
# an alias (e.g., eth0:0) here; see
|
|
# http://www.shorewall.net/FAQ.htm#faq18
|
|
#
|
|
# You may NOT specify wildcards here, e.g. if you
|
|
# have multiple ppp interfaces, you need to put
|
|
# them all in here!
|
|
#
|
|
# Please note that you can only use interface names
|
|
# in here that have a bandwidth defined in the tcdevices
|
|
# file
|
|
#
|
|
# MARK The mark value which is an integer in the range 1-255.
|
|
# You define this marks in the tcrules file, marking
|
|
# the traffic you want to fit in the classes defined
|
|
# in here.
|
|
#
|
|
# You can use the same marks for different interfaces.
|
|
#
|
|
# RATE The minimum bandwidth this class should get,
|
|
# when the traffic load rises.
|
|
#
|
|
# CEIL The maximum bandwidth this class is allowed to use
|
|
# when the link is idle. Useful if you have traffic
|
|
# which can get full speed when more needed services
|
|
# (e.g. ssh) are not used.
|
|
#
|
|
# You can use the value "full" in here for setting
|
|
# the maximum bandwidth to the defined output bandwidth
|
|
# of that interface
|
|
#
|
|
# PRIORITY The priority in which classes will be serviced by
|
|
# the packet shaping scheduler and also the priority
|
|
# in which bandwidth in excess of the rate will be
|
|
# given to each class.
|
|
#
|
|
# Higher priority classes will experience less delay
|
|
# since they are serviced first. Priority values
|
|
# are serviced in ascending order (e.g. 0 is higher
|
|
# priority than 1).
|
|
#
|
|
# Classes may be set to the same priority, in which
|
|
# case they will be serviced as equals.
|
|
#
|
|
# OPTIONS A comma-separated list of options including the
|
|
# following:
|
|
#
|
|
# default - this is the default class for that
|
|
# interface where all traffic should go,
|
|
# that is not classified otherwise.
|
|
#
|
|
# NOTE: defining default for exactly one
|
|
# class per interface is mandatory!
|
|
#
|
|
# tos=0x<value>[/0x<mask>] (mask defaults to 0xff)
|
|
# - this lets you define a classifier
|
|
# for the given <value>/<mask>
|
|
# combination of the IP packet's
|
|
# TOS/Precedence/DiffSrv octet (aka the
|
|
# TOS byte). Please note, classifiers
|
|
# override all mark settings, so if you
|
|
# define a classifer for a class, all
|
|
# traffic having that mark will go in it
|
|
# regardless of any mark set on the
|
|
# packet by a firewall/mangle filter.
|
|
#
|
|
# NOTE: multiple tos= statements may be
|
|
# applied per class and per interface,
|
|
# but a given value/mask pair is valid
|
|
# for only ONE class per interface.
|
|
#
|
|
# tos-<tosname> - aliases for the following TOS octet
|
|
# value and mask encodings. TOS
|
|
# encodings of the "TOS byte" have been
|
|
# deprecated in favor of diffserve
|
|
# classes, but programs like ssh,
|
|
# rlogin, and ftp still use them.
|
|
#
|
|
# tos-minimize-delay 0x10/0x10
|
|
# tos-maximize-throughput 0x08/0x08
|
|
# tos-maximize-reliability 0x04/0x04
|
|
# tos-minimize-cost 0x02/0x02
|
|
# tos-normal-service 0x00/0x1e
|
|
#
|
|
# NOTE: each of this options is only
|
|
# valid for ONE class per interface.
|
|
#
|
|
# tcp-ack - if defined causes an tc filter to
|
|
# be created that puts all tcp ack
|
|
# packets on that interface that have
|
|
# an size of <=64 Bytes to go in this
|
|
# class. This is useful for speeding up
|
|
# downloads. Please note that the size
|
|
# of the ack packets is limited to 64
|
|
# bytes as some applications (p2p for
|
|
# example) use to make every packet an
|
|
# ack packet which would cause them
|
|
# all into here. We want only packets
|
|
# WITHOUT payload to match, so the size
|
|
# limit.
|
|
#
|
|
# NOTE: This option is only valid for
|
|
# ONE class per interface.
|
|
#
|
|
#
|
|
#
|
|
# Example 1: Suppose you are using PPP over Ethernet (DSL)
|
|
# and ppp0 is the interface for this. You have 4 classes
|
|
# here, the first you can use for voice over IP
|
|
# traffic, the second interactive traffic (e.g.
|
|
# ssh/telnet but not scp), the third will be for all
|
|
# unclassified traffic, and the forth is for low
|
|
# priority traffic (e.g. peer-to-peer).
|
|
#
|
|
# The voice traffic in the first class will be
|
|
# guaranteed a minimum of 100kbps and always be
|
|
# serviced first (because of the low priority number,
|
|
# giving less delay) and will be granted excess
|
|
# bandwidth (up to 180kbps, the class ceiling) first,
|
|
# before any other traffic. A single VOIP stream,
|
|
# depending upon codecs, after encapsulation, can take
|
|
# up to 80kbps on a PPOE/DSL link, so we pad a little
|
|
# bit just in case. (TOS byte values 0xb8 and 0x68
|
|
# are DiffServ classes EF and AFF3-1 respectively and
|
|
# are often used by VOIP devices).
|
|
#
|
|
# Interactive traffic (tos-minimum-delay) and
|
|
# TCP acks (and ICMP echo traffic if you use the example
|
|
# in tcrules) and any packet with a mark of 2 will be
|
|
# guaranteed 1/4 of the link bandwidth, and may extend
|
|
# up to full speed of the link.
|
|
#
|
|
# Unclassified traffic and packets marked as 3 will be
|
|
# guaranteed 1/4th of the link bandwidth, and may extend
|
|
# to the full speed of the link.
|
|
#
|
|
# Packets marked with 4 will be treated as low priority
|
|
# packets. (The tcrules example marks p2p traffic as
|
|
# such.) If the link is congested, they're only
|
|
# guaranteed 1/8th of the speed, and even if the link is
|
|
# empty, can only expand to 80% of link bandwidth just
|
|
# as a precaution in case there are upstream queues we
|
|
# didn't account for. This is the last class to get
|
|
# additional bandwidth and the last to get serviced by
|
|
# the scheduler because of the low priority.
|
|
#
|
|
# ppp0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc
|
|
# ppp0 2 full/4 full 2 tcp-ack,tos-minimize-delay
|
|
# ppp0 3 full/4 full 3 default
|
|
# ppp0 4 full/8 full*8/10 4
|
|
#
|
|
###############################################################################
|
|
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
|
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|