2006-06-03 17:16:21 +02:00
|
|
|
###############################################################################
|
2006-07-21 18:37:00 +02:00
|
|
|
# /etc/shorewall-lite/shorewall.conf V3.2 - Change the following variables to
|
2006-06-03 17:16:21 +02:00
|
|
|
# match your setup
|
|
|
|
|
#
|
|
|
|
|
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
|
|
|
|
#
|
2006-06-09 19:57:56 +02:00
|
|
|
# This file should be placed in /etc/shorewall-lite
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
|
|
|
|
|
#
|
|
|
|
|
###############################################################################
|
2006-07-27 00:15:28 +02:00
|
|
|
# N 0 T E
|
|
|
|
|
###############################################################################
|
|
|
|
|
# Entries in this file override entries in the shorewall.conf file in the
|
|
|
|
|
# configuration directory when the firewall script was compiled. Any variable
|
|
|
|
|
# not set here assumes the value defined at firewall compilation time.
|
|
|
|
|
###############################################################################
|
2006-06-03 17:16:21 +02:00
|
|
|
# V E R B O S I T Y
|
|
|
|
|
###############################################################################
|
|
|
|
|
#
|
|
|
|
|
# Shorewall has traditionally been very noisy. You may now set the default
|
|
|
|
|
# level of verbosity here.
|
|
|
|
|
#
|
|
|
|
|
# Values are:
|
|
|
|
|
#
|
|
|
|
|
# 0 -- Silent. You may make it more verbose using the -v option
|
|
|
|
|
# 1 -- Major progress messages displayed
|
|
|
|
|
# 2 -- All progress messages displayed (old default behavior)
|
|
|
|
|
#
|
2006-07-27 00:15:28 +02:00
|
|
|
VERBOSITY=
|
2006-06-03 17:16:21 +02:00
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# L O G G I N G
|
|
|
|
|
###############################################################################
|
|
|
|
|
#
|
|
|
|
|
# LOG FILE LOCATION
|
|
|
|
|
#
|
2006-06-14 15:52:54 +02:00
|
|
|
# This variable tells the /sbin/shorewall-lite program where to look for Shorewall
|
2006-07-27 00:15:28 +02:00
|
|
|
# Lite log messages.
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
2006-06-14 15:52:54 +02:00
|
|
|
# WARNING: The LOGFILE variable simply tells the 'shorewall-lite' program where
|
|
|
|
|
# to look for Shorewall messages.It does NOT control the destination for
|
2006-06-03 17:16:21 +02:00
|
|
|
# these messages. For information about how to do that, see
|
|
|
|
|
#
|
|
|
|
|
# http://www.shorewall.net/shorewall_logging.html
|
|
|
|
|
#
|
|
|
|
|
|
2006-07-27 00:15:28 +02:00
|
|
|
LOGFILE=
|
2006-06-03 17:16:21 +02:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# LOG FORMAT
|
|
|
|
|
#
|
2006-06-14 15:52:54 +02:00
|
|
|
# Shell 'printf' Formatting template for the --log-prefix value in log messages
|
|
|
|
|
# generated by Shorewall Lite to identify Shorewall Lite log messages. The
|
|
|
|
|
# value specified here will be used when generating log messages provided that
|
|
|
|
|
# no value was supplied for LOGFORMAT in the shorewall.conf used to compile
|
|
|
|
|
# the firewall script.
|
|
|
|
|
#
|
|
|
|
|
# The supplied template is expected to accept either two or three arguments;
|
|
|
|
|
# the first is the chain name, the second (optional) is the logging rule number
|
|
|
|
|
# within that chain and the third is the ACTION specifying the disposition of
|
|
|
|
|
# the packet being logged. You must use the %d formatting type for the rule
|
|
|
|
|
# number; if your template does not contain %d then the rule number will not be
|
|
|
|
|
# included.
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
# If you want to integrate Shorewall with fireparse, then set LOGFORMAT as:
|
|
|
|
|
#
|
2006-06-14 15:52:54 +02:00
|
|
|
# LOGFORMAT="fp=%s:%d a=%s "
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
2006-06-14 15:52:54 +02:00
|
|
|
# CAUTION: /sbin/shorewall-lite uses the leading part of the LOGFORMAT string
|
|
|
|
|
# (up to but not including the first '%') to find log messages in the 'show log',
|
|
|
|
|
# 'status' and 'hits' commands. This part should not be omitted (the
|
|
|
|
|
# LOGFORMAT should not begin with "%") and the leading part should be
|
|
|
|
|
# sufficiently unique for /sbin/shorewall-lite to identify Shorewall Lite
|
|
|
|
|
# messages.
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
|
2006-07-27 00:15:28 +02:00
|
|
|
LOGFORMAT=
|
2006-06-03 17:16:21 +02:00
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
|
|
|
|
###############################################################################
|
|
|
|
|
#
|
|
|
|
|
# IPTABLES
|
|
|
|
|
#
|
2006-07-27 00:15:28 +02:00
|
|
|
# Full path to iptables executable Shorewall uses to build the firewall.
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
IPTABLES=
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# PATH - Change this if you want to change the order in which Shorewall
|
|
|
|
|
# searches directories for executable files.
|
|
|
|
|
#
|
|
|
|
|
|
2006-07-27 00:15:28 +02:00
|
|
|
PATH=
|
2006-06-03 17:16:21 +02:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# SHELL
|
|
|
|
|
#
|
|
|
|
|
# The firewall script is normally interpreted by /bin/sh. If you wish to change
|
|
|
|
|
# the shell used to interpret that script, specify the shell here.
|
|
|
|
|
#
|
|
|
|
|
|
2006-07-27 00:15:28 +02:00
|
|
|
SHOREWALL_SHELL=
|
2006-06-03 17:16:21 +02:00
|
|
|
|
|
|
|
|
# SUBSYSTEM LOCK FILE
|
|
|
|
|
#
|
|
|
|
|
# Set this to the name of the lock file expected by your init scripts. For
|
2006-06-14 17:06:19 +02:00
|
|
|
# RedHat, this should be /var/lock/subsys/shorewall-lite. If your init scripts
|
|
|
|
|
# don't use lock files, set this to "".
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
|
2006-07-27 00:15:28 +02:00
|
|
|
SUBSYSLOCK=
|
2006-06-03 17:16:21 +02:00
|
|
|
|
2006-06-13 23:07:46 +02:00
|
|
|
# RESTORE SCRIPT
|
|
|
|
|
#
|
|
|
|
|
# This option determines the script to be run in the following cases:
|
|
|
|
|
#
|
|
|
|
|
# shorewall-lite -f start
|
|
|
|
|
# shorewall-lite restore
|
|
|
|
|
# shorewall-lite save
|
|
|
|
|
# shorewall-lite forget
|
2006-06-14 15:11:04 +02:00
|
|
|
# Failure of shorewall-lite start or shorewall-lite restart
|
2006-06-13 23:07:46 +02:00
|
|
|
#
|
|
|
|
|
# The value of the option must be the name of an executable file in the
|
2006-07-27 00:15:28 +02:00
|
|
|
# directory /var/lib/shorewall-lite.
|
2006-06-13 23:07:46 +02:00
|
|
|
#
|
|
|
|
|
|
2006-07-27 00:15:28 +02:00
|
|
|
RESTOREFILE=
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Include the settings derived from the configuration on the administrative system
|
|
|
|
|
#
|
2006-06-13 23:07:46 +02:00
|
|
|
|
2006-06-03 17:16:21 +02:00
|
|
|
#LAST LINE -- DO NOT REMOVE
|
