###############################################################################
# /etc/shorewall-lite/shorewall.conf V3.2 - Change the following variables to
# match your setup
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# This file should be placed in /etc/shorewall-lite
#
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
#
###############################################################################
# V E R B O S I T Y
###############################################################################
#
# Shorewall has traditionally been very noisy. You may now set the default
# level of verbosity here.
#
# Values are:
#
# 0 -- Silent. You may make it more verbose using the -v option
# 1 -- Major progress messages displayed
# 2 -- All progress messages displayed (old default behavior)
#
# If not specified, then 2 is assumed
# Default verbosity: level 1 displays major progress messages only; the -v
# option can raise it per invocation.
VERBOSITY=1
###############################################################################
# L O G G I N G
###############################################################################
#
# LOG FILE LOCATION
#
# This variable tells the /sbin/shorewall-lite program where to look for Shorewall
# Lite log messages. If not set or set to an empty string (e.g., LOGFILE="") then
# /var/log/messages is assumed.
#
# WARNING: The LOGFILE variable simply tells the 'shorewall-lite' program where
# to look for Shorewall messages. It does NOT control the destination for
# these messages. For information about how to do that, see
#
# http://www.shorewall.net/shorewall_logging.html
#
# Read-side setting only: this is the file shorewall-lite searches when it
# reports firewall log messages. It does not redirect logging, so it should
# name the file the system logger actually writes those messages to.
LOGFILE=/var/log/messages
#
# LOG FORMAT
#
# Shell 'printf' formatting template for the --log-prefix value in log messages
# generated by Shorewall Lite to identify Shorewall Lite log messages. The
# value specified here will be used when generating log messages provided that
# no value was supplied for LOGFORMAT in the shorewall.conf used to compile
# the firewall script.
#
# The supplied template is expected to accept either two or three arguments;
# the first is the chain name, the second (optional) is the logging rule number
# within that chain and the third is the ACTION specifying the disposition of
# the packet being logged. You must use the %d formatting type for the rule
# number; if your template does not contain %d then the rule number will not be
# included.
#
# If you want to integrate Shorewall with fireparse, then set LOGFORMAT as:
#
# LOGFORMAT="fp=%s:%d a=%s "
#
# If not specified or specified as empty (LOGFORMAT="") then the value
# "Shorewall:%s:%s:" is assumed.
#
# CAUTION: /sbin/shorewall-lite uses the leading part of the LOGFORMAT string
# (up to but not including the first '%') to find log messages in the 'show log',
# 'status' and 'hits' commands. This part should not be omitted (the
# LOGFORMAT should not begin with "%") and the leading part should be
# sufficiently unique for /sbin/shorewall-lite to identify Shorewall Lite
# messages.
#
# The literal text before the first '%' ("Shorewall:") is the marker that
# shorewall-lite searches for in LOGFILE, so keep it non-empty and distinctive
# enough that unrelated log lines do not match it.
# Applies only when the shorewall.conf used to compile the firewall script
# supplied no LOGFORMAT of its own.
LOGFORMAT="Shorewall:%s:%s:"
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
#
# IPTABLES
#
# Full path to iptables executable Shorewall uses to build the firewall. If
# not specified or if specified with an empty value (e.g., IPTABLES="") then
# the iptables executable located via the PATH setting below is used.
#
# Left empty, so the iptables executable is located through the PATH value
# set in this file.
# NOTE(review): giving an absolute path here pins the binary and removes the
# dependency on PATH ordering.
IPTABLES=
#
# PATH - Change this if you want to change the order in which Shorewall
# searches directories for executable files.
#
# Directory search order for executables. While IPTABLES is empty, this order
# also decides which iptables binary is used. The system directories are
# listed ahead of /usr/local/bin and /usr/local/sbin.
# NOTE(review): every directory listed should be writable only by root, since
# the firewall script presumably runs with root privileges -- confirm on the
# target host.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
#
# SHELL
#
# The firewall script is normally interpreted by /bin/sh. If you wish to change
# the shell used to interpret that script, specify the shell here.
#
# Shell that interprets the firewall script; /bin/sh is the normal choice.
# NOTE(review): use an absolute path to a root-owned shell binary -- confirm
# what /bin/sh resolves to on the target host.
SHOREWALL_SHELL=/bin/sh
# SUBSYSTEM LOCK FILE
#
# Set this to the name of the lock file expected by your init scripts. For
# RedHat, this should be /var/lock/subsys/shorewall-lite. If your init scripts
# don't use lock files, set this to "".
#
# Lock file name the init scripts expect; this is the RedHat-style location.
# Set to "" where the init scripts do not use lock files.
SUBSYSLOCK=/var/lock/subsys/shorewall-lite
# RESTORE SCRIPT
#
# This option determines the script to be run in the following cases:
#
# shorewall-lite -f start
# shorewall-lite restore
# shorewall-lite save
# shorewall-lite forget
# Failure of shorewall-lite start or shorewall-lite restart
#
# The value of the option must be the name of an executable file in the
# directory /var/lib/shorewall-lite. If this option is not set or if it
# is set to the empty value (RESTOREFILE="") then RESTOREFILE=restore is
# assumed.
#
# Name of the executable file in /var/lib/shorewall-lite that is used by
# '-f start', 'restore', 'save' and 'forget', and after a failed start or
# restart.
# NOTE(review): this file is executed, so it and its directory should be
# writable only by root -- confirm permissions on the target host.
RESTOREFILE=restore
#LAST LINE -- DO NOT REMOVE