Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shorewall-tos(5) [debian man page]

SHOREWALL-TOS(5)						  [FIXME: manual]						  SHOREWALL-TOS(5)

NAME

       tos - Shorewall Type of Service rules file

SYNOPSIS

       /etc/shorewall/tos

DESCRIPTION

       This file defines rules for setting Type Of Service (TOS). Its use is deprecated, beginning in Shorewall 4.5.1, in favor of the TOS target
       in shorewall-tcrules[1] (5).

       The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
       the alternate specification syntax).

       SOURCE - {all|address]|all:address|$FW}
	   If all, may optionally be followed by ":" and an IP address, a MAC address, a subnet specification or the name of an interface.

	   Example: all:192.168.2.3

	   MAC addresses must be prefixed with "~" and use "-" as a separator.

	   Example: ~00-A0-C9-15-39-78

       DEST - {all|address]|all:address}
	   Example: 192.168.2.3

       PROTOCOL (proto) - proto-name-or-number
	   Protocol name or number.

       SOURCE PORT(S) (sport) - {-|port|lowport:highport}
	   Source port or port range. If all ports, use "-".

       DEST PORT(S) (dport) - {-|port|lowport:highport}
	   Destination port or port range. If all ports, use "-"

       TOS - tos
	   Must be one of the following;

		       tos-minimize-delay (16)
		       tos-maximize-throughput (8)
		       tos-maximize-reliability (4)
		       tos-minimize-cost (2)
		       tos-normal-service (0)

       MARK - [!]value[/mask][:C]
	   If you don't want to define a test but need to specify anything in the following columns, place a "-" in this field.

	   !
	       Inverts the test (not equal)

	   value
	       Value of the packet or connection mark.

	   mask
	       A mask to be applied to the mark before testing.

	   :C
	       Designates a connection mark. If omitted, the packet mark's value is tested.

FILES

       /etc/shorewall/tos

SEE ALSO

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
       shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

	1. shorewall-tcrules
	   http://www.shorewall.net/manpages/shorewall-tcrules.html

[FIXME: source] 						    06/28/2012							  SHOREWALL-TOS(5)

Check Out this Related Man Page

SHOREWALL-MACLIST(5)						  [FIXME: manual]					      SHOREWALL-MACLIST(5)

NAME

       maclist - Shorewall MAC Verification file

SYNOPSIS

       /etc/shorewall/maclist

DESCRIPTION

       This file is used to define the MAC addresses and optionally their associated IP addresses to be allowed to use the specified interface.
       The feature is enabled by using the maclist option in the shorewall-interfaces[1](5) or shorewall-hosts[2](5) configuration file.

       The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
       the alternate specification syntax).

       DISPOSITION - {ACCEPT|DROP|REJECT}[:log-level]
	   ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf[3](5), then REJECT is also allowed). If specified, the log-level causes
	   packets matching the rule to be logged at that level.

       INTERFACE - interface
	   Network interface to a host.

       MAC - address
	   MAC address of the host -- you do not need to use the Shorewall format for MAC addresses here. If IP ADDRESSESES is supplied then MAC
	   can be supplied as a dash (-)

       IP ADDRESSES (addresses) - [address[,address]...]
	   Optional - if specified, both the MAC and IP address must match. This column can contain a comma-separated list of host and/or subnet
	   addresses. If your kernel and iptables have iprange match support then IP address ranges are also allowed. Similarly, if your kernel
	   and iptables include ipset support than set names (prefixed by "+") are also allowed.

FILES

       /etc/shorewall/maclist

SEE ALSO

       http://shorewall.net/MAC_Validation.html

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

	1. shorewall-interfaces
	   http://www.shorewall.net/manpages/shorewall-interfaces.html

	2. shorewall-hosts
	   http://www.shorewall.net/manpages/shorewall-hosts.html

	3. shorewall.conf
	   http://www.shorewall.net/manpages/shorewall.conf.html

[FIXME: source] 						    06/28/2012						      SHOREWALL-MACLIST(5)
Man Page