Shorewall users - Jun 2014 - Howto define bandwidthd in shorewall (based rules in tc)

The many years use shorewall, but simple, lan and wan way, but now I'm in
big trouble, excessive users which crashes the modem (which is not a bridge
adsl, but router adsl ), I decided using a script tc rules, it works, but I
would use shorewall for this.

How do? I got confused with the policies tcclasses, tcdevices, tc** in
shorewall. My wan is ADSL 50Mbps guaranteed only 40% download

CentOS release 6.5
Shorewall 4.5.4

### tcdevices (wan/internet)

###############################################################################
#NUMBER:        IN-BANDWITH     OUT-BANDWIDTH   OPTIONS         REDIRECTED
#INTERFACE                                                      INTERFACES
# adsl (it this is correct? The config below)
em1             2500kbit        200kbit
# network (internal)
p2p1            1000mbit        1000mbit

use this script limit for user, bad, but work.

#!/bin/bash
TC=/sbin/tc
IF=p2p1             # Interface
DNLD=1mbit          # DOWNLOAD Limit
UPLD=512kbit          # UPLOAD Limit
IP=192.168.1.95     # Host IP
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"

start() {

## what file config in shorewall?
## /etc/shorewall/tc???
    $TC qdisc add dev $IF root handle 1: htb default 30

## /etc/shorewall/tcclasses ???
    $TC class add dev $IF parent 1: classid 1:1 htb rate $DNLD
    $TC class add dev $IF parent 1: classid 1:2 htb rate $UPLD

## and this? /etc/shorewall/tcfilters ???
    $U32 match ip dst $IP/32 flowid 1:1
    $U32 match ip src $IP/32 flowid 1:2

}

...


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their
applications. Written by three acclaimed leaders in the field, 
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech