diff --git a/manpages/shorewall-tcfilters.xml b/manpages/shorewall-tcfilters.xml
index 3e9b571d7..2e27d39dc 100644
--- a/manpages/shorewall-tcfilters.xml
+++ b/manpages/shorewall-tcfilters.xml
@@ -26,6 +26,37 @@
Entries in this file cause packets to be classified for traffic
shaping.
+ Beginning with Shorewall 4.4.15, the file may contain entries for
+ both IPv4 and IPv6. By default, all rules apply to IPv4 but that can be
+ changed by inserting a line as follows:
+
+
+
+ IPV4
+
+
+ Following entriess apply to IPv4.
+
+
+
+
+ IPV6
+
+
+ Following entries apply to IPv6
+
+
+
+
+ ALL
+
+
+ Following entries apply to both IPv4 and IPv6. Each entry is
+ processed twice; once for IPv4 and once for IPv6.
+
+
+
+
The columns in the file are as follows.
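Review bot: the new IPV4/IPV6/ALL descriptions say only "Following entries apply to ...", which leaves the scope of a mode line undefined. State explicitly that the mode stays in effect until the next IPV4, IPV6 or ALL line (or end of file), so a reader does not assume it covers only the next entry. Two small text fixes in the same block: "Following entriess apply to IPv4." has a doubled "s", and "Following entries apply to IPv6" is missing its closing period.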
@@ -60,14 +91,9 @@
role="bold">-|address}}
- Destination of the packet. Comma separated list of IP
- addresses and/or subnets. If your kernel and iptables include
- iprange match support, IP address ranges are also allowed. List
- elements may also consist of an interface name followed by ":" and
- an address (e.g., eth1:192.168.1.0/24). If the MARK column specificies a classification of
- the form major:minor then
- this column may also contain an interface name.
+ Destination of the packet. May be a host or network
+ address. DNS names are not
+ allowed.You may exclude certain hosts from the set already defined
through use of an exclusion (see Example 1:
- Place all ICMP echo traffic on interface 1 in class 10.
+ Place all 'ping' traffic on interface 1 in class 10. Note that
+ ALL cannot be used because IPv4 ICMP and IPv6 ICMP are two different
+ protocols. #CLASS SOURCE DEST PROTO DEST
# PORT
+
+ IPV4
+
1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-request
- 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
+ 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
+
+ IPV6
+
+ 1:10 ::/0 ::/0 icmp6 echo-request
+ 1:10 ::/0 ::/0 icmp6 echo-reply
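Review bot: the rewritten DEST description drops the previously documented forms (comma-separated lists, address ranges, and interface:address such as eth1:192.168.1.0/24) without saying whether they are still accepted. If they are no longer supported in this file, say so, because existing configurations that use them will otherwise fail without any hint in the manpage. The retained sentence about exclusion still refers to "the set already defined", which reads oddly once the column is described as a single host or network address. Also, "allowed.You may exclude" needs a space after the period, and the removed and re-added echo-reply line in Example 1 appears to differ only in whitespace, so it could be left out of the patch.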
@@ -204,12 +240,12 @@
shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),
- shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5),
- shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
- shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
- shorewall-proxyarp(5), shorewall-route_rules(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5),
- shorewall-tunnels(5), shorewall-zones(5)
+ shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
+ shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
+ shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
+ shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
+ shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
+ shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+ shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
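Review bot: shorewall_interfaces(5) in the rewrapped SEE ALSO list uses an underscore after "shorewall" where every neighbouring entry uses a hyphen. Since these lines are being rewritten anyway, check it against the actual page name and correct it here. The rest of the hunk is a rewrap with no change to the entries, so it might be better as a separate formatting commit to keep the functional change easy to review.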
diff --git a/manpages6/shorewall6-tcfilters.xml b/manpages6/shorewall6-tcfilters.xml
new file mode 100644
index 000000000..6c67d4078
--- /dev/null
+++ b/manpages6/shorewall6-tcfilters.xml
@@ -0,0 +1,239 @@
+
+
+
+
+ shorewall6-tcfilters
+
+ 5
+
+
+
+ tcfilters
+
+ shorewall6 u32 classifier rules file
+
+
+
+
+ /etc/shorewall6/tcfilters
+
+
+
+
+ Description
+
+ Entries in this file cause packets to be classified for traffic
+ shaping.
+
+ Beginning with Shorewall 4.4.15, the file may contain entries for
+ both IPv4 and IPv6. By default, all rules apply to IPv6 but that can be
+ changed by inserting a line as follows:
+
+
+
+ IPV4
+
+
+ Following entriess apply to IPv4.
+
+
+
+
+ IPV6
+
+
+ Following entries apply to IPv6
+
+
+
+
+ ALL
+
+
+ Following entries apply to both IPv4 and IPv6. Each entry is
+ processed twice; once for IPv4 and once for IPv6.
+
+
+
+
+ The columns in the file are as follows.
+
+
+
+ CLASS -
+ interface:class
+
+
+ The name or number of an interface
+ defined in shorewall6-tcdevices(5)
+ followed by a class number defined for
+ that interface in shorewall6-tcclasses(5).
+
+
+
+
+ SOURCE - {-|address}
+
+
+ Source of the packet. May be a host or network
+ address. DNS names are not
+ allowed.
+
+
+
+
+ DEST - {-|address}}
+
+
+ Destination of the packet. May be a host or network
+ address. DNS names are not
+ allowed.
+
+
+
+
+ PROTO - {-|protocol-number|protocol-name|all}
+
+
+ Protocol.
+
+
+
+
+ DEST PORT (Optional) -
+ [-|port-name-or-number]
+
+
+ Destination Ports. A Port name (from services(5)) or a
+ port number; if the protocol is icmp, this column is interpreted as the
+ destination icmp-type(s).
+
+
+
+
+ SOURCE PORT (Optional) -
+ [-|port-name-or-number]
+
+
+ Source port.
+
+
+
+
+ TOS (Optional) - [-|tos]
+
+
+ Specifies the value of the TOS field. The
+ tos value can be any of the
+ following:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ hex-number
+
+
+
+ hex-number/hex-number
+
+
+
+ The hex-numbers must be exactly two
+ digits (e.g., 0x04)x.
+
+
+
+
+ LENGTH (Optional) - [-|number]
+
+
+ Must be a power of 2 between 32 and 8192 inclusive. Packets
+ with a total length that is strictly less than the specified
+ number will match the rule.
+
+
+
+
+
+
+ Example
+
+
+
+ Example 1:
+
+
+ Place all 'ping' traffic on interface 1 in class 10. Note that
+ ALL cannot be used because IPv4 ICMP and IPv6 ICMP are two different
+ protocols.
+
+ #CLASS SOURCE DEST PROTO DEST
+ # PORT
+
+ IPV4
+
+ 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-request
+ 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
+
+ IPV6
+
+ 1:10 ::/0 ::/0 icmp6 echo-request
+ 1:10 ::/0 ::/0 icmp6 echo-reply
+
+
+
+
+
+
+ FILES
+
+ /etc/shorewall6/tcfilters
+
+
+
+ See ALSO
+
+ http://shorewall.net/traffic_shaping.htm
+
+ http://shorewall.net/MultiISP.html
+
+ http://shorewall.net/PacketMarking.html
+
+
+
+
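Review bot: the DEST column synopsis "DEST - {-|address}}" has an unbalanced closing brace (SOURCE just above uses "{-|address}"), and the TOS text ends with a stray character in "(e.g., 0x04)x."; both look like copy errors carried over from the IPv4 page and should be fixed before this new file lands. The DEST PORT description says the column is interpreted as the icmp-type "if the protocol is icmp", but Example 1 in this same page uses icmp6 with echo-request in that column, so the text should mention icmp6 as well. The mode-line section repeats "Following entriess apply to IPv4." and the unterminated "Following entries apply to IPv6", and the final heading reads "See ALSO" while the others are "Description", "Example" and "FILES"; pick one capitalization.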