shorewall_code/Shorewall/route_rules

71 lines
2.4 KiB
Plaintext
Raw Normal View History

#
# Shorewall version 3.3 - route_rules File
#
# /etc/shorewall/route_rules
#
# Entries in this file cause traffic to be routed to one of the
# providers listed in /etc/shorewall/providers.
#
# Columns are:
#
# SOURCE(optional)
# An ip address (network or host) that
# matches the source IP address in a packet.
# May also be specified as an interface
# name optionally followed by ":" and an
# address. If the device 'lo' is specified,
# the packet must originate from the firewall
# itself.
#
# DEST(optional) An ip address (network or host) that
# matches the destination IP address in a packet.
#
# If you choose to omit either SOURCE or DEST,
# place "-" in that column. Note that you
# may not omit both SOURCE and DEST.
#
# PROVIDER The provider to route the traffic through.
# May be expressed either as the provider name
# or the provider number. May also be 'main'
# or 254 for the main routing table. This can
# be used in combination with VPN tunnels, see
# example 2 below.
#
# PRIORITY
# The rule's priority which determines the order
# in which the rules are processed.
#
# 1000-1999 Before Shorewall-generated
# 'MARK' rules
#
# 11000- 11999 After 'MARK' rules but before
# Shorewall-generated rules for
# ISP interfaces.
#
# 26000-26999 After ISP interface rules but
# before 'default' rule.
#
# Rules with equal priority are applied in
# the order in which they appear in the file.
#
# Example 1: You want all traffic coming in on eth1 to be routed to the ISP1
# provider:
#
# #SOURCE DEST PROVIDER PRIORITY
# eth1 - ISP1 1000
#
# Example 2: You use OpenVPN (routed setup /tunX) in combination with multiple
# providers. In this case you have to set up a rule to ensure that
# the OpenVPN traffic is routed back through the tunX interface(s)
# rather than through any of the providers. 10.8.0.0/24 is the
# subnet choosen in your OpenVPN configuration (server 10.8.0.0
# 255.255.255.0)
#
# #SOURCE DEST PROVIDER PRIORITY
# - 10.8.0.0/24 main 1000
#
# For additional information, see http://www.shorewall.net/MultiISP.html
##############################################################################
#SOURCE DEST PROVIDER PRIORITY
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE