<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>shorewall-tos</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="refentry" lang="en" xml:lang="en"><a id="id257168"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>tos — Shorewall Type of Service rules file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">/etc/shorewall/tos</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257199"></a><h2>Description</h2><p>This file defines rules for setting Type Of Service (TOS)</p><p>The columns in the file are as follows.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>SOURCE</strong></span> -
        {<span class="emphasis"><em>zone</em></span>[<span class="bold"><strong>:</strong></span><span class="emphasis"><em>address</em></span>]|<span class="bold"><strong>all</strong></span>|<span class="bold"><strong>$FW</strong></span>}
        (Shorewall-shell)</span></dt><dd><p>Name of a <em class="replaceable"><code>zone</code></em> declared in <a class="ulink" href="shorewall-zones.html" target="_self">shorewall-zones</a>(5), <span class="bold"><strong>all</strong></span> or <span class="bold"><strong>$FW</strong></span>.</p><p>If not <span class="bold"><strong>all</strong></span> or <span class="bold"><strong>$FW</strong></span>, may optionally be followed by ":" and an
          IP address, a MAC address, a subnet specification or the name of an
          interface.</p><p>Example: loc:192.168.2.3</p><p>MAC addresses must be prefixed with "~" and use "-" as a
          separator.</p><p>Example: ~00-A0-C9-15-39-78</p></dd><dt><span class="term"><span class="bold"><strong>SOURCE</strong></span> - {<span class="bold"><strong>all</strong></span>|<span class="emphasis"><em>address</em></span>]|<span class="bold"><strong>all</strong></span>:<span class="emphasis"><em>address</em></span>|<span class="bold"><strong>$FW</strong></span>} (Shorewall-perl)</span></dt><dd><p>If <span class="bold"><strong>all</strong></span>, may optionally be
          followed by ":" and an IP address, a MAC address, a subnet
          specification or the name of an interface.</p><p>Example: all:192.168.2.3</p><p>MAC addresses must be prefixed with "~" and use "-" as a
          separator.</p><p>Example: ~00-A0-C9-15-39-78</p></dd><dt><span class="term"><span class="bold"><strong>DEST</strong></span> -
        {<span class="emphasis"><em>zone</em></span>[<span class="bold"><strong>:</strong></span><span class="emphasis"><em>address</em></span>]|<span class="bold"><strong>all</strong></span>} (Shorewall-shell)</span></dt><dd><p>Name of a zone declared in <a class="ulink" href="shorewall-zones.html" target="_self">shorewall-zones</a>(5) or <span class="bold"><strong>all</strong></span>.</p><p>If not <span class="bold"><strong>all</strong></span>, may optionally be
          followed by ":" and an IP address or a subnet specification</p><p>Example: loc:192.168.2.3</p></dd><dt><span class="term"><span class="bold"><strong>DEST</strong></span> - {<span class="bold"><strong>all</strong></span>|<span class="emphasis"><em>address</em></span>]|<span class="bold"><strong>all</strong></span>:<span class="emphasis"><em>address</em></span>}
        (Shorewall-perl)</span></dt><dd><p>Example: 192.168.2.3</p></dd><dt><span class="term"><span class="bold"><strong>PROTOCOL</strong></span> -
        <span class="emphasis"><em>proto-name-or-number</em></span></span></dt><dd><p>Protocol name or number.</p></dd><dt><span class="term"><span class="bold"><strong>SOURCE PORT(S)</strong></span> -
        {-|<span class="emphasis"><em>port</em></span>|<span class="emphasis"><em>lowport</em></span><span class="bold"><strong>:</strong></span><span class="emphasis"><em>highport</em></span>}</span></dt><dd><p>Source port or port range. If all ports, use "-".</p></dd><dt><span class="term"><span class="bold"><strong>DEST PORT(S)</strong></span> -
        {-|<span class="emphasis"><em>port</em></span>|<span class="emphasis"><em>lowport</em></span><span class="bold"><strong>:</strong></span><span class="emphasis"><em>highport</em></span>}</span></dt><dd><p>Destination port or port range. If all ports, use "-"</p></dd><dt><span class="term"><span class="bold"><strong>TOS</strong></span> -
        <span class="emphasis"><em>tos</em></span></span></dt><dd><p>Must be one of the following;</p><pre class="programlisting">        <span class="bold"><strong>tos-minimize-delay</strong></span> (16)
        <span class="bold"><strong>tos-maximize-throughput</strong></span> (8)
        <span class="bold"><strong>tos-maximize-reliability</strong></span> (4)
        <span class="bold"><strong>tos-minimize-cost</strong></span> (2)
        <span class="bold"><strong>tos-normal-service</strong></span> (0)</pre></dd><dt><span class="term"><span class="bold"><strong>MARK</strong></span> - [<span class="bold"><strong>!</strong></span>]<span class="emphasis"><em>value</em></span>[/<span class="emphasis"><em>mask</em></span>][<span class="bold"><strong>:C</strong></span>]</span></dt><dd><p>If you don't want to define a test but need to specify
          anything in the following columns, place a "-" in this field.</p><div class="variablelist"><dl><dt><span class="term">!</span></dt><dd><p>Inverts the test (not equal)</p></dd><dt><span class="term"><span class="emphasis"><em>value</em></span></span></dt><dd><p>Value of the packet or connection mark.</p></dd><dt><span class="term"><span class="emphasis"><em>mask</em></span></span></dt><dd><p>A mask to be applied to the mark before testing.</p></dd><dt><span class="term"><span class="bold"><strong>:C</strong></span></span></dt><dd><p>Designates a connection mark. If omitted, the packet
                mark's value is tested. This option is only supported by
                Shorewall-perl.</p></dd></dl></div></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257850"></a><h2>FILES</h2><p>/etc/shorewall/tos</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257860"></a><h2>See ALSO</h2><p>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
    shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
    shorewall-tcrules(5), shorewall-tunnels(5), shorewall-zones(5)</p></div></div></body></html>