diff --git a/Shorewall-docs/traffic_shaping.xml b/Shorewall-docs/traffic_shaping.xml
index 85bc3f23e..defe36811 100755
--- a/Shorewall-docs/traffic_shaping.xml
+++ b/Shorewall-docs/traffic_shaping.xml
@@ -66,8 +66,8 @@
/etc/shorewall/tcstart - A
- user-supplied file that is sourced by Shorewall during "shorewall
- start" and which you can use to define your traffic shaping
+ user-supplied file that is sourced by Shorewall during shorewall
+ start
and which you can use to define your traffic shaping
disciplines and classes. I have provided a sample that
does table-driven CBQ shaping but if you read the traffic shaping
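Review bot: the rewrap at the top of this hunk splits the command name across lines ("during shorewall" / "start" / "and which you can use"), and the third of those lines has lost its diff prefix, so from this view it is impossible to tell whether "shorewall start" ended up inside a single inline element or was just broken by the wrap. Keep the two words on one line so the command stays greppable in the source and renders as one token, whatever element replaced the quotation marks.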
@@ -79,8 +79,8 @@
As of 2.4.20, HTB is a standard part of the kernel but iproute2 must
be patched in order to use it.
- In tcstart, when you want to run the 'tc' utility, use
- the run_tc function supplied by shorewall if you want tc errors to
+ In tcstart, when you want to run the tc
utility,
+ use the run_tc function supplied by shorewall if you want tc errors to
stop the firewall.
You can generally use off-the-shelf traffic shaping scripts by
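Review bot: the run_tc sentence only states the positive case ("if you want tc errors to stop the firewall"); it should also say what happens when a tcstart script calls tc directly, namely that a failing tc command is ignored and the firewall comes up with the shaping classes or filters missing, which is exactly the silent failure run_tc is there to prevent. One sentence to that effect would turn a style hint into a real recommendation. The same wrapping problem as in the previous hunk appears here: "tc" and "utility," are split across lines and the second line has no diff prefix.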
@@ -101,8 +101,7 @@
/etc/shorewall/tcclear - A
user-supplied file that is sourced by Shorewall when it is clearing
traffic shaping. This file is normally not required as Shorewall's
- method of clearing qdisc and filter definitions is pretty general.
-
+ method of clearing qdisc and filter definitions is pretty general.
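Review bot: this hunk is whitespace only: the tcclear sentence is removed and re-added unchanged, and the only real difference is the dropped blank line after it. That is fine if the blank line produced stray whitespace in the rendered output, but otherwise it is noise in a patch that is about replacing quotation marks with markup; consider dropping it or moving the whitespace cleanup into its own commit.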
@@ -119,17 +118,18 @@
Supply an /etc/shorewall/tcstart script to configure your
- traffic shaping rules.
+ traffic shaping rules.
Optionally supply an /etc/shorewall/tcclear script to stop
- traffic shaping. That is usually unnecessary.
+ traffic shaping. That is usually unnecessary.
- If your tcstart script uses the 'fwmark' classifier, you
- can mark packets using entries in /etc/shorewall/tcrules.
+ If your tcstart script uses the fwmark
+ classifier, you can mark packets using entries in
+ /etc/shorewall/tcrules.
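Review bot: the fwmark sentence rewritten here should say how the tcrules entry ties to the classifier: the MARK value written in /etc/shorewall/tcrules has to equal the handle given to the matching fw filter in tcstart (the sample later in this document uses handle 1, 2 and 3 for classes 1:10, 1:20 and 1:30), otherwise the marked packets fall through to the qdisc's default class. The two lines above it ("traffic shaping rules." and "That is usually unnecessary.") are removed and re-added with no visible change, so that part of the hunk is whitespace only.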
@@ -145,12 +145,13 @@
Do not supply /etc/shorewall/tcstart or /etc/shorewall/tcclear
- scripts.
+ scripts.
- If your tcstart script uses the 'fwmark' classifier, you
- can mark packets using entries in /etc/shorewall/tcrules.
+ If your tcstart script uses the fwmark
+ classifier, you can mark packets using entries in
+ /etc/shorewall/tcrules.
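Review bot: the three fwmark lines added here are word for word the same as the three added in the previous hunk for the other procedure, and the "scripts." line at the top is removed and re-added unchanged, so apart from the quote-to-markup conversion this hunk is whitespace. Since both copies must stay identical, consider defining the sentence once (an entity or a shared fragment) instead of maintaining it in both procedure lists.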
@@ -182,19 +183,19 @@
MARK - Specifies the mark value is to be assigned in case of a
match. This is an integer in the range 1-255. Beginning with Shorewall
- version 1.3.14, this value may be optionally followed by ":"
- and either 'F' or 'P' to designate that the marking
- will occur in the FORWARD or PREROUTING chains respectively. If this
- additional specification is omitted, the chain used to mark packets
- will be determined by the setting of the MARK_IN_FORWARD_CHAIN option
- in shorewall.conf.
+ version 1.3.14, this value may be optionally followed by
+ :
and either F
or P
to
+ designate that the marking will occur in the FORWARD or PREROUTING
+ chains respectively. If this additional specification is omitted, the
+ chain used to mark packets will be determined by the setting of the
+ MARK_IN_FORWARD_CHAIN option in shorewall.conf.
SOURCE - The source of the packet. If the packet originates on
- the firewall, place "fw" in this column. Otherwise, this is a
- comma-separated list of interface names, IP addresses, MAC addresses
- in Shorewall Format and/or Subnets.
+ the firewall, place fw
in this column. Otherwise, this
+ is a comma-separated list of interface names, IP addresses, MAC
+ addresses in Shorewall Format and/or Subnets.
Examples eth0
192.168.2.4,192.168.1.0/24
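Review bot: the rewrap leaves ":", "F", "P" and "to" each on a line of their own, three of them without a diff prefix, which makes the MARK syntax hard to read in the source; the suffix is one token, so show it as a single literal such as 1:F or 1:P rather than separating the colon from the letter. Separately, the paragraph says the suffix selects the FORWARD or PREROUTING chain, while the SOURCE column two paragraphs down accepts fw for packets that originate on the firewall, and locally generated packets traverse neither of those chains. The text should state which chain is used when SOURCE is fw and whether a :F or :P suffix is accepted or ignored there; otherwise a reader can write a rule that never matches and will not find out why.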
@@ -207,20 +208,20 @@
PROTO - Protocol - Must be the name of a protocol from
- /etc/protocol, a number or "all"
+ /etc/protocol, a number or all
PORT(S) - Destination Ports. A comma-separated list of Port
names (from /etc/services), port numbers or port ranges (e.g., 21:22);
- if the protocol is "icmp", this column is interpreted as the
- destination icmp type(s).
+ if the protocol is icmp
, this column is interpreted as
+ the destination icmp type(s).
CLIENT PORT(S) - (Optional) Port(s) used by the client. If
omitted, any source port is acceptable. Specified as a comma-separate
- list of port names, port numbers or port ranges.
+ list of port names, port numbers or port ranges.
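Review bot: the file is /etc/protocols, not /etc/protocol; the "+" line re-emits the wrong name, so correct it while the line is being touched. In the unchanged context just below, "comma-separate list" should read "comma-separated list". Since PORT(S) explains how the column is reinterpreted for icmp, it would also help to say whether CLIENT PORT(S) is ignored for icmp or must be left empty.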
@@ -420,21 +421,21 @@
run_tc qdisc add dev eth0 root handle 1: htb default 30
run_tc class add dev eth0 parent 1: classid 1:1 htb rate 384kbit burst 15k
-echo " Added Top Level Class -- rate 384kbit"
+echo Added Top Level Class -- rate 384kbit
run_tc class add dev eth0 parent 1:1 classid 1:10 htb rate 140kbit ceil 384kbit burst 15k prio 1
run_tc class add dev eth0 parent 1:1 classid 1:20 htb rate 224kbit ceil 384kbit burst 15k prio 0
run_tc class add dev eth0 parent 1:1 classid 1:30 htb rate 20kbit ceil 384kbit burst 15k quantum 1500 prio 1
-echo " Added Second Level Classes -- rates 140kbit, 224kbit, 20kbit"
+echo Added Second Level Classes -- rates 140kbit, 224kbit, 20kbit
run_tc qdisc add dev eth0 parent 1:10 pfifo limit 5run_tc qdisc add dev eth0 parent 1:20 pfifo limit 10
run_tc qdisc add dev eth0 parent 1:30 pfifo limit 5
-echo " Enabled PFIFO on Second Level Classes"
+echo Enabled PFIFO on Second Level Classes
run_tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:10
run_tc filter add dev eth0 protocol ip parent 1:0 prio 0 handle 2 fw classid 1:20
run_tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw classid 1:30
-echo " Defined fwmark filters"
+echo Defined fwmark filters
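Review bot: dropping the quotes from the echo lines changes what the script prints: the leading spaces that indented the progress messages under the surrounding output are gone, and each message is now a run of unquoted words, so any later edit that introduces a shell metacharacter (a parenthesis, an asterisk, a semicolon) will break the script. If the quotation marks were removed because they clash with the markup, keep them in the shell text as the predefined XML entity rather than deleting them from the code. Also, in the context lines the first pfifo command and the next one are run together ("... pfifo limit 5run_tc qdisc add dev eth0 parent 1:20 pfifo limit 10"); if that is really how the file reads and not an artifact of how the patch was pasted, tc will reject "5run_tc" as a limit value and, because the line goes through run_tc, the firewall will refuse to start.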
@@ -446,12 +447,12 @@ echo " Defined fwmark filters"
I wanted to allow up to 140kbits/second for traffic outbound
from my DMZ (eth1 -- note that the ceiling is set to 384kbit so
outbound DMZ traffic can use all available bandwidth if there is no
- traffic from the local systems or from my laptop or firewall).
+ traffic from the local systems or from my laptop or firewall).
My laptop (which at that time connected via eth3) and local
- systems (eth2) could use up to 224kbits/second.
+ systems (eth2) could use up to 224kbits/second.
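Review bot: this hunk is whitespace only: both "+" lines are identical in this view to the lines they replace (trailing whitespace or an invisible markup change), so nothing here needs review beyond confirming the XML still validates. While this prose is being touched, it would read more clearly if each sentence named the class it describes from the sample above (1:10 for the DMZ at 140kbit, 1:20 for the laptop and eth2 systems at 224kbit, with both ceilings at 384kbit), so readers can map the explanation onto the tc lines.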