diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 3504dee9c..23cf8b877 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -4,7 +4,7 @@ Changes in Shorewall 4.4.19 RC 1
2) Display mangle table in the output from 'shorewall show tc'.
-3) Exit tcpost early if connection is marked.
+3) Allow simple TC to work on both IPv4 and IPv6
Changes in Shorewall 4.4.19 Beta 5
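Review bot: Item 3 is overwritten rather than appended: the "3) Exit tcpost early if connection is marked." entry disappears from the RC 1 changelog, and nothing in the visible hunks backs that change out. If the tcpost change is still in the tree, keep it as 3) and add the IPv4/IPv6 entry as 4); if it was reverted, say so in the commit message. The new line also lacks the trailing period that entry 2) uses.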
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 4deedde10..800d85653 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -124,6 +124,16 @@ Beta 1
6) The contents of the Netfilter mangle table are now included in the
output from 'shorewall show tc'.
+7) Simple traffic shaping can now have a common configuration between
+ IPv4 and IPv6. To do that:
+
+ - Set TC_ENABLED=Simple in both /etc/shorewall/shorewall.conf and
+ /etc/shorewall6/shorewall6.conf
+ - Configure /etc/shorewall/tcinterfaces.
+ - Leave /etc/shorewall6/tcinterfaces empty.
+ - Configure /etc/shorewall/tcpri (if desired)
+ - Configure /etc/shorewall6/tcpri (if desired)
+
----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S
----------------------------------------------------------------------------
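Review bot: The step "Leave /etc/shorewall6/tcinterfaces empty." in new item 7 has no counterpart in the procedure this patch adds to docs/simple_traffic_shaping.xml, and neither place says what happens when that file is not empty. Make the two procedures agree and state the consequence of a populated shorewall6 tcinterfaces file. It would also help to say here, as the docs hunk does, that /etc/shorewall/tcpri classifies IPv4 traffic and /etc/shorewall6/tcpri classifies IPv6 traffic. The list items are inconsistently terminated (some end with a period, some do not).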
diff --git a/docs/simple_traffic_shaping.xml b/docs/simple_traffic_shaping.xml
index 9829831c9..e2d2488fa 100644
--- a/docs/simple_traffic_shaping.xml
+++ b/docs/simple_traffic_shaping.xml
@@ -55,7 +55,7 @@
discipline (qdisc). From tc-pfifo_fast (8):
- The algorithm is very similar to that of the classful tc-prio(8)
+ The algorithm is very similar to that of the classful tc-prio(8)
qdisc. pfifo_fast is like three tc-pfifo(8) queues side by side, where
packets can be enqueued in any of the three bands based on their Type of
Service bits or assigned priority.
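Review bot: The removed and added "The algorithm is very similar to that of the classful tc-prio(8)" lines read identically here, as do the "into bands." lines in the next hunk, so both look like whitespace or markup-only churn unrelated to combined IPv4/IPv6 support. Consider moving them to a separate cleanup commit so the functional documentation change is easier to review.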
@@ -69,7 +69,7 @@
are instead dropped.See tc-prio(8) for complete details on how TOS bits are translated
- into bands.
+ into bands.
In other words, if all you want is strict priority queuing, then do
@@ -290,6 +290,61 @@ tun0 Internal
point where latency is acceptable.
+
+ Combined IPv4/IPv6 Simple TC Configuration
+
+ Beginning with Shorewall 4.4.19, a combined configuration is
+ possible. To do that:
+
+
+
+ Set TC_ENABLED=Simple in both
+ /etc/shorewall/shorewall.conf and
+ /etc/shorewall6/shorewall6.conf.
+
+
+
+ Configure your interface(s) in
+ /etc/shorewall/tcinterfaces.
+
+
+
+ Add entries to /etc/shorewall/tcpri and
+ /etc/shorewall6/tcpri as desired. Entries in the
+ former classify IPv4 traffic and entries in the latter classify IPv6
+ traffic.
+
+
+
+ Example:
+
+ /etc/shorewall/tcinterfaces#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
+eth0 External 50mbit:200kb 6.0mbit:100kb:200ms:100mbit:1516
+etc/shorewall/tcpri:
+
+ #BAND PROTO PORT(S) ADDRESS INTERFACE HELPER
+COMMENT All DMZ traffic in band 3 by default
+3 - - 70.90.191.124/31
+COMMENT Bit Torrent is in band 3
+3 ipp2p:all bit
+COMMENT But give a boost to DNS queries
+2 udp 53
+COMMENT And place echo requests in band 1 to avoid false line-down reports
+1 icmp 8
+
+
+ etc/shorewall6/tcpri:
+
+ #BAND PROTO PORT(S) ADDRESS INTERFACE HELPER
+COMMENT All DMZ traffic in band 3 by default
+3 - - 2001:470:b:227::40/124
+COMMENT But give a boost to DNS queries
+2 udp 53
+COMMENT And place echo requests in band 1 to avoid false line-down reports
+1 icmp 8
+
+
+
Additional Reading
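Review bot: In the shorewall6 tcpri example, "1 icmp 8" is copied from the IPv4 file, but type 8 is the ICMPv4 echo request; an ICMPv6 echo request is type 128 and is carried in protocol ipv6-icmp (58), so the entry as written does not describe an IPv6 ping despite the "avoid false line-down reports" comment. Please change the protocol and type in that entry to the IPv6 equivalents. Two smaller points in the same hunk: the labels "etc/shorewall/tcpri:" and "etc/shorewall6/tcpri:" are missing the leading slash that "/etc/shorewall/tcinterfaces" has, and the step list omits the "Leave /etc/shorewall6/tcinterfaces empty" step that the release notes give.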
diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml
index 36f6aa51c..7e1473384 100644
--- a/docs/traffic_shaping.xml
+++ b/docs/traffic_shaping.xml
@@ -153,12 +153,6 @@
IFB can result in queues building up both at your ISPs router and at your
own.
- If you wish to shape downloads, you can also configure traffic
- shaping on your firewall's local interface. An example appears below. Again, however, this can result in queues building up both at your ISPs router
- and at your own.
-
You shape and control outgoing traffic by assigning the traffic to
classes. Each class is associated with exactly one
network interface and has a number of attributes:
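Review bot: Removing the "If you wish to shape downloads, you can also configure traffic shaping on your firewall's local interface" paragraph is a documentation change that neither the changelog nor the release-notes hunks mention, and it is unrelated to the Simple TC entry they do add. State in the commit message why local-interface download shaping is no longer documented, or split this removal into its own commit.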
@@ -1786,59 +1780,6 @@ eth0 - 1000kbit hfsc
-
- Shaping Download Traffic
-
- As stated at the outset, traffic shaping works on traffic being sent
- by the firewall. Download traffic from the Internet to local hosts is sent
- by the firewall over a local interface. So it follows that if you want to
- shape such traffic, you must configure shaping on the local
- interface.
-
- Shaping of download traffic is most straightforward when there are
- only two interface. That way, traffic leaving the local interface falls
- into only two broad categories:
-
-
-
- Traffic being forwarded from the Internet
-
-
-
- Traffic that originated on the firewall itself
-
-
-
- In general, you will want to shape the forwarded traffic and leave
- the local traffic unrestricted.
-
- Extending the simple example
- above:
-
- /etc/shorewall/tcdevices:#INTERFACE IN-BANDWITH OUT-BANDWIDTH
-ppp0 6000kbit 700kbit
-eth1 - 100mbit
-
- /etc/shorewall/tcclasses:#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
-ppp0 1 10kbit 50kbit 1 tcp-ack,tos-minimize-delay
-ppp0 2 300kbit full 2
-ppp0 3 300kbit full 2
-ppp0 4 90kbit 200kbit 3 default
-eth1 1 100kbit 500kbit 1 tcp-ack
-eth1 2 3mbit 6mbit 2
-eth1 3 3mbit 6mbit 3
-eth1 4 94mbit full 4 default #for local traffic
-
- /etc/shorewall/tcrules:#MARK SOURCE DEST PROTO PORT(S) CLIENT USER
-# PORT(S)
-1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-request
-1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
-2:F 192.168.2.23 0.0.0.0/0 all
-3:F 192.168.2.42 0.0.0.0/0 all
-2:F ppp0 192.168.2.23 all
-3:F ppp0 192.168.2.42 all
-
-
Intermediate Functional Block (IFB) Devices
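Review bot: Deleting the whole "Shaping Download Traffic" section drops the only worked tcdevices/tcclasses/tcrules example for shaping downloads on a local interface, and nothing is added to tell readers what to do instead. If IFB, covered in the section that follows, is now the recommended approach, add a sentence saying so at the start of that section, and check that no remaining cross-reference in the docs still targets the removed section.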