#
# Shorewall version 3.2 - Tcclasses File
#
# Based on tc4shorewall version 0.5 by Arne Bernin
#
# /etc/shorewall/tcclasses
#
#       Define the classes used for traffic shaping in this file.
#
#       A note on the rate/bandwidth definitions used in this file:
#
#               - don't use a space between the integer value and
#                 the unit: 30kbit is valid while 30 kbit is NOT.
#
#               - you can use one of the following units:
#
#                       kbps            Kilobytes per second
#                       mbps            Megabytes per second
#                       kbit            Kilobits per second
#                       mbit            Megabits per second
#                       bps or a
#                       bare number     Bytes per second
#
#               - if you want the values to be calculated for you depending
#                 on the output bandwidth setting defined for an interface
#                 in tcdevices, you can use expressions like the following:
#
#                       full/3          causes the bandwidth to be calculated
#                                       as 1/3 of the full outgoing
#                                       speed that is defined.
#
#                       full*9/10       will set this bandwidth to 9/10 of
#                                       the full bandwidth
#
#               DO NOT add a unit to the rate if it is calculated!
#
# Columns are:
#
#       INTERFACE       Name of interface. Each interface may be listed only
#                       once in this file. You may NOT specify the name of
#                       an alias (e.g., eth0:0) here; see
#                       http://www.shorewall.net/FAQ.htm#faq18
#
#                       You may NOT specify wildcards here, e.g. if you
#                       have multiple ppp interfaces, you need to put
#                       them all in here!
#
#                       Please note that you can only use interface names
#                       in here that have a bandwidth defined in the tcdevices
#                       file
#
#       MARK            The mark value which is an integer in the range 1-255.
#                       You define these marks in the tcrules file, marking
#                       the traffic you want to fit in the classes defined
#                       in here.
#
#                       You can use the same marks for different interfaces.
#
#       RATE            The minimum bandwidth this class should get,
#                       when the traffic load rises.
#
#       CEIL            The maximum bandwidth this class is allowed to use
#                       when the link is idle. Useful if you have traffic
#                       which can get full speed when more needed services
#                       (e.g. ssh) are not used.
#
#                       You can use the value "full" in here for setting
#                       the maximum bandwidth to the defined output bandwidth
#                       of that interface
#
#       PRIORITY        The priority in which classes will be serviced by
#                       the packet shaping scheduler and also the priority
#                       in which bandwidth in excess of the rate will be
#                       given to each class.
#
#                       Higher priority classes will experience less delay
#                       since they are serviced first. Priority values
#                       are serviced in ascending order (e.g. 0 is higher
#                       priority than 1).
#
#                       Classes may be set to the same priority, in which
#                       case they will be serviced as equals.
#
#       OPTIONS         A comma-separated list of options including the
#                       following:
#
#                       default - this is the default class for that
#                                 interface where all traffic should go,
#                                 that is not classified otherwise.
#
#                                 NOTE: defining default for exactly one
#                                 class per interface is mandatory!
#
#                       tos=0x<value>[/0x<mask>] (mask defaults to 0xff)
#                               - this lets you define a classifier
#                                 for the given <value>/<mask> combination
#                                 of the IP packet's TOS/Precedence/DiffServ
#                                 octet (aka the TOS byte). Please note,
#                                 classifiers override all mark settings,
#                                 so if you define a classifier for a class,
#                                 all traffic having that mark will go in it
#                                 regardless of any mark set on the packet
#                                 by a firewall/mangle filter.
#
#                                 NOTE: multiple tos= statements may be
#                                 applied per class and per interface, but
#                                 a given value/mask pair is valid for only
#                                 ONE class per interface.
#
#                       tos-<tosname> - aliases for the following TOS octet
#                                 value and mask encodings. TOS encodings
#                                 of the "TOS byte" have been deprecated in
#                                 favor of diffserv classes, but programs
#                                 like ssh, rlogin, and ftp still use them.
#
#                                 tos-minimize-delay        0x10/0x10
#                                 tos-maximize-throughput   0x08/0x08
#                                 tos-maximize-reliability  0x04/0x04
#                                 tos-minimize-cost         0x02/0x02
#                                 tos-normal-service        0x00/0x1e
#
#                                 NOTE: each of these options is only
#                                 valid for ONE class per interface.
#
#                       tcp-ack - if defined, causes a tc filter to
#                                 be created that puts all tcp ack
#                                 packets on that interface that have
#                                 a size of <=64 bytes in this
#                                 class. This is useful for speeding up
#                                 downloads. Please note that the size
#                                 of the ack packets is limited to 64
#                                 bytes as some applications (p2p for
#                                 example) tend to make every packet an
#                                 ack packet, which would cause them
#                                 all to go in here. We want only packets
#                                 WITHOUT payload to match, hence the size
#                                 limit.
#
#                                 NOTE: This option is only valid for
#                                 ONE class per interface.
#
#
#
#       Example 1: Suppose you are using PPP over Ethernet (DSL)
#       and ppp0 is the interface for this. You have 4 classes here,
#       the first you can use for voice over IP traffic,
#       the second interactive traffic (e.g. ssh/telnet but not scp),
#       the third will be for all unclassified traffic, and the
#       fourth is for low priority traffic (e.g. peer-to-peer).
#
#       The voice traffic in the first class will be guaranteed
#       a minimum of 100kbps and always be serviced first (because
#       of the low priority number, giving less delay) and will be
#       granted excess bandwidth (up to 180kbps, the class ceiling)
#       first, before any other traffic. A single VOIP stream,
#       depending upon codecs, after encapsulation, can take up to
#       80kbps on a PPPoE/DSL link, so we pad a little bit just in
#       case. (TOS byte values 0xb8 and 0x68 are DiffServ classes
#       EF and AF31 respectively and are often used by VOIP
#       devices).
#
#       Interactive traffic (tos-minimize-delay) and TCP acks (and
#       ICMP echo traffic if you use the example in tcrules) and
#       any packet with a mark of 2 will be guaranteed 1/4 of the
#       link bandwidth, and may extend up to full speed of the link.
#
#       Unclassified traffic and packets marked as 3 will be
#       guaranteed 1/4th of the link bandwidth, and may extend
#       to the full speed of the link.
#
#       Packets marked with 4 will be treated as low priority
#       packets. (The tcrules example marks p2p traffic as
#       such.) If the link is congested, they're only guaranteed
#       1/8th of the speed, and even if the link is empty, can
#       only expand to 80% of link bandwidth just as a precaution
#       in case there are upstream queues we didn't account for.
#       This is the last class to get additional bandwidth and
#       the last to get serviced by the scheduler because of the
#       low priority.
#
#       ppp0    1       100kbit 180kbit         1       tos=0x68/0xfc,tos=0xb8/0xfc
#       ppp0    2       full/4  full            2       tcp-ack,tos-minimize-delay
#       ppp0    3       full/4  full            3       default
#       ppp0    4       full/8  full*8/10       4
#
###############################################################################
#INTERFACE      MARK    RATE    CEIL            PRIORITY        OPTIONS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
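
The rules this file states (unit syntax without a space, calculated `full` expressions without a unit, MARK in 1-255, exactly one `default` class per interface, and `tcp-ack` or a TOS value/mask pair in only one class per interface) can be checked before a configuration is loaded. The following Python check is an added example, not part of Shorewall: `rate_bits`, `option_key` and `validate` are hypothetical names, decimal unit multipliers are assumed, the RATE-not-above-CEIL test is an extra sanity check, and only the `full`, `full/N` and `full*N/M` forms shown in this file are handled.

```python
import re  # added example; the function names below are hypothetical, not Shorewall's

UNITS = {"kbps": 8000, "mbps": 8000000, "kbit": 1000, "mbit": 1000000, "bps": 8, "": 8}
TOS_ALIASES = {"tos-minimize-delay": (0x10, 0x10), "tos-maximize-throughput": (0x08, 0x08),
               "tos-maximize-reliability": (0x04, 0x04), "tos-minimize-cost": (0x02, 0x02),
               "tos-normal-service": (0x00, 0x1e)}
EXAMPLE = ("ppp0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc\n"  # Example 1 of this file
           "ppp0 2 full/4 full 2 tcp-ack,tos-minimize-delay\n"
           "ppp0 3 full/4 full 3 default\n"
           "ppp0 4 full/8 full*8/10 4\n")

def rate_bits(expr, full):
    """Resolve RATE/CEIL to bits/s (decimal units assumed); full = out-bandwidth."""
    m = re.fullmatch(r"full(?:\*(\d+))?(?:/([1-9]\d*))?", expr)
    if m:  # calculated value; a trailing unit makes fullmatch fail
        return full * int(m.group(1) or 1) // int(m.group(2) or 1)
    m = re.fullmatch(r"(\d+)(kbps|mbps|kbit|mbit|bps|)", expr)
    if not m:
        raise ValueError(f"bad rate {expr!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def option_key(opt):
    """Normalise an option to the key only one class per interface may hold."""
    m = re.fullmatch(r"tos=0x([0-9a-fA-F]+)(?:/0x([0-9a-fA-F]+))?", opt)
    if m:  # mask defaults to 0xff
        return (int(m.group(1), 16), int(m.group(2) or "ff", 16))
    return opt if opt in ("tcp-ack", "default") else TOS_ALIASES[opt]  # KeyError if unknown

def validate(text, bandwidth):
    """Return problems found; bandwidth maps interface -> bits/s (from tcdevices)."""
    errors, used = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#")[0].split()
        if len(f) < 5 or f[0] not in bandwidth:
            errors += [f"line {n}: short entry or interface not in tcdevices"] if f else []
            continue
        seen, full = used.setdefault(f[0], []), bandwidth[f[0]]
        try:
            if not 1 <= int(f[1]) <= 255:
                raise ValueError("MARK must be 1-255")
            if rate_bits(f[2], full) > rate_bits(f[3], full):
                raise ValueError("RATE exceeds CEIL")
            keys = [option_key(o) for o in f[5].split(",")] if len(f) > 5 else []
        except (ValueError, KeyError) as e:
            errors.append(f"line {n}: invalid entry ({e})")
            continue
        errors += [f"line {n}: {k} reused on {f[0]}" for k in keys if k != "default" and k in seen]
        seen += keys
    return errors + [f"{i}: need exactly one default class"
                     for i, s in used.items() if s.count("default") != 1]
```

Calling `validate(EXAMPLE, {"ppp0": 384000})` with a constructed 384 kbit/s uplink returns an empty list; an entry written as `30 kbit` is reported because the space shifts every later column.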