fw(8) — Linux manual page


Firewall mark classifier in tc(8)   Linux  Firewall mark classifier in tc(8)

NAME         top

       fw - fwmark traffic control filter

SYNOPSIS         top

       tc filter ... fw [ classid CLASSID ] [ action ACTION_SPEC ]

DESCRIPTION         top

       the fw filter allows to classify packets based on a previously set
       fwmark by iptables.  If it is identical to the filter's handle, the
       filter matches.  iptables allows to mark single packets with the MARK
       target, or whole connections using CONNMARK.  The benefit of using
       this filter instead of doing the heavy-lifting with tc itself is that
       on one hand it might be convenient to keep packet filtering and
       classification in one place, possibly having to match a packet just
       once, and on the other users familiar with iptables but not tc will
       have a less hard time adding QoS to their setups.

OPTIONS         top

       classid CLASSID
              Push matching packets to the class identified by CLASSID.

       action ACTION_SPEC
              Apply an action from the generic actions framework on matching

EXAMPLES         top

       Take e.g. the following tc filter statement:

              tc filter add ... handle 6 fw classid 1:1

       will match if the packet's fwmark value is 6.  This is a sample ipta‐
       bles statement marking packets coming in on eth0:

              iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6

SEE ALSO         top

       tc(8), iptables(8), iptables-extensions(8)

COLOPHON         top

       This page is part of the iproute2 (utilities for controlling TCP/IP
       networking and traffic) project.  Information about the project can
       be found at 
       If you have a bug report for this manual page, send it to
       netdev@vger.kernel.org, shemminger@osdl.org.  This page was obtained
       from the project's upstream Git repository
       ⟨https://git.kernel.org/pub/scm/network/iproute2/iproute2.git⟩ on
       2020-09-18.  (At that time, the date of the most recent commit that
       was found in the repository was 2020-09-14.)  If you discover any
       rendering problems in this HTML version of the page, or you believe
       there is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to

iproute2                         21 Oct 2015Firewall mark classifier in tc(8)