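#!/bin/sh
#
# Shorewall 3.2 -- /usr/share/shorewall/clib.tcrules
#
#     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
#     (c) 2005,2006 - Tom Eastep (teastep@shorewall.net)
#
#	Complete documentation is available at http://shorewall.net
#
#	This program is free software; you can redistribute it and/or modify
#	it under the terms of Version 2 of the GNU General Public License
#	as published by the Free Software Foundation.
#
#	This program is distributed in the hope that it will be useful,
#	but WITHOUT ANY WARRANTY; without even the implied warranty of
#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#	GNU General Public License for more details.
#
#	You should have received a copy of the GNU General Public License
#	along with this program; if not, write to the Free Software
#	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
# This library only defines functions and sets CLIB_TCRULES_LOADED. Every
# helper it calls (save_command, createmanglechain, strip_file, expandv,
# process_tc_rule, run_iptables, append_file, indent, ...) is defined
# elsewhere and must already be loaded by the caller.
#

#
# Generate a command to run tc
#
# Arguments: the tc arguments, passed through unchanged.
# Hands "run_tc <args>" to save_command (defined elsewhere; presumably it
# records the line in the script being generated -- confirm there).
#
run_tc() {
    # "$@" keeps each argument intact: the unquoted form re-split arguments
    # on whitespace and expanded glob characters against the current
    # directory before the command was recorded.
    save_command run_tc "$@"
}

#
# Setup queuing and classes
#
# Globals read:    MANGLE_FORWARD, TMP_DIR, ROUTEMARK_INTERFACES, TC_EXPERT,
#                  HIGH_ROUTE_MARKS, TC_SCRIPT, TC_ENABLED
# Globals written: mark, sources, dests, proto, ports, sports, user, testval,
#                  length, tos, rule (left global on purpose:
#                  process_tc_rule is called without arguments, so it
#                  presumably reads them -- confirm in its definition),
#                  interface, chain
#
setup_tc1() {
    local mark_part=

    #
    # Create the TC mangle chains
    #
    createmanglechain tcpre

    if [ -n "$MANGLE_FORWARD" ]; then
	createmanglechain tcfor
	createmanglechain tcpost
    fi

    createmanglechain tcout
    #
    # Process the TC Rules File
    #
    strip_file tcrules

    # NOTE(review): 'read' is used without -r, so backslashes in the stripped
    # rules file are consumed here; left as-is because existing rule files
    # may depend on it.
    while read mark sources dests proto ports sports user testval length tos; do
	expandv mark sources dests proto ports sports user testval length tos
	# Plain assignment instead of $(echo ...): same text, no subshell per
	# rule, and no dependence on how the shell's echo treats backslashes.
	rule="$mark $sources $dests $proto $ports $sports $user $testval $length $tos"
	process_tc_rule
    done < "$TMP_DIR/tcrules"
    #
    # Link to the TC mangle chains from the main chains
    #

    #
    # Route marks are restored in PREROUTING/OUTPUT prior to these rules. We only send
    # packets that are not part of a marked connection to the 'tcpre/tcout' chains.
    #
    if [ -n "$ROUTEMARK_INTERFACES" ] && [ -z "$TC_EXPERT" ]; then
	mark_part="-m mark --mark 0/0xFF00"
	#
	# But let marks in tcpre override those assigned by 'track'
	#
	# ROUTEMARK_INTERFACES is a whitespace-separated list, so it is
	# deliberately left unquoted here.
	for interface in $ROUTEMARK_INTERFACES; do
	    run_iptables -t mangle -A PREROUTING -i "$interface" -j tcpre
	done
    fi

    # $mark_part is either empty or several words ("-m mark --mark ..."), so
    # it must stay unquoted to vanish or split into separate arguments.
    run_iptables -t mangle -A PREROUTING $mark_part -j tcpre
    run_iptables -t mangle -A OUTPUT     $mark_part -j tcout

    if [ -n "$MANGLE_FORWARD" ]; then
	run_iptables -t mangle -A FORWARD     -j tcfor
	run_iptables -t mangle -A POSTROUTING -j tcpost
    fi

    if [ -n "$HIGH_ROUTE_MARKS" ]; then
	# Inserted (-I) at the head of INPUT and FORWARD: keeps only the low
	# 8 bits of the packet mark.
	for chain in INPUT FORWARD; do
	    run_iptables -t mangle -I "$chain" -j MARK --and-mark 0xFF
	done
    fi

    if [ -n "$TC_SCRIPT" ]; then
	save_progress_message "Setting up Traffic Control..."
	# NOTE(review): the contents of $TC_SCRIPT are appended to the
	# generated script, which presumably runs with the firewall's
	# privileges. The file should be owned by root and not writable by
	# anyone else; nothing here checks that.
	append_file "$TC_SCRIPT"
    elif [ -n "$TC_ENABLED" ]; then
	setup_traffic_shaping
    fi
}

#
# Announce the Traffic Control step, then run setup_tc1.
#
setup_tc() {
    progress_message2 "$DOING Traffic Control Rules..."
    setup_tc1
}

#
# Clear Traffic Shaping
#
# Appends the user's 'tcclear' file and then writes, on file descriptor 3, a
# loop that deletes the root and ingress qdiscs of every interface listed by
# 'ip link list'. The loop is emitted as text (note the escaped \$), so it
# runs when the generated script runs, not now.
#
delete_tc() {
    # Defined as a side effect of calling delete_tc; not used in this file.
    # $1 - interface name; an "@parent" suffix is dropped because tc only
    #      accepts the bare device name.
    clear_one_tc() {
	save_command "tc qdisc del dev ${1%@*} root 2> /dev/null"
	save_command "tc qdisc del dev ${1%@*} ingress 2> /dev/null"
    }

    save_progress_message "Clearing Traffic Control/QOS"

    append_file tcclear

    # 'ip link list' prints stacked devices (VLANs and the like) as
    # "name@parent:". Stripping only the trailing ':' left "name@parent",
    # which tc rejects, and 'qt' hid the failure -- so stale qdiscs survived
    # on those interfaces. Strip the '@parent' part as well.
    indent >&3 << __EOF__
ip link list | while read inx interface details; do
    case \$inx in
        [0-9]*)
            interface=\${interface%:}
            qt tc qdisc del dev \${interface%@*} root
            qt tc qdisc del dev \${interface%@*} ingress
            ;;
        *)
            ;;
    esac
done

__EOF__
}

CLIB_TCRULES_LOADED=Yes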