2007-07-08 23:33:01 +02:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
2008-07-07 22:22:09 +02:00
|
|
|
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
|
2007-07-08 23:33:01 +02:00
|
|
|
<article>
|
|
|
|
<!--$Id: template.xml 5908 2007-04-12 23:04:36Z teastep $-->
|
|
|
|
|
|
|
|
<articleinfo>
|
2019-02-07 19:42:23 +01:00
|
|
|
<title>Shorewall 5.* Manpages</title>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
|
|
|
<authorgroup>
|
|
|
|
<author>
|
|
|
|
<firstname>Tom</firstname>
|
|
|
|
|
|
|
|
<surname>Eastep</surname>
|
|
|
|
</author>
|
|
|
|
</authorgroup>
|
|
|
|
|
|
|
|
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
|
|
|
|
|
|
|
<copyright>
|
2019-02-07 19:42:23 +01:00
|
|
|
<year>2007-2019</year>
|
2013-01-04 18:17:57 +01:00
|
|
|
|
2007-07-08 23:33:01 +02:00
|
|
|
<holder>Thomas M. Eastep</holder>
|
|
|
|
</copyright>
|
|
|
|
|
|
|
|
<legalnotice>
|
|
|
|
<para>Permission is granted to copy, distribute and/or modify this
|
|
|
|
document under the terms of the GNU Free Documentation License, Version
|
|
|
|
1.2 or any later version published by the Free Software Foundation; with
|
2023-01-19 23:17:25 +01:00
|
|
|
no Invariant Sections, no Front-Cover Texts, and no Back-Cover
|
2007-07-08 23:33:01 +02:00
|
|
|
Texts. A copy of the license is included in the section entitled
|
|
|
|
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
|
|
|
|
License</ulink></quote>.</para>
|
|
|
|
</legalnotice>
|
|
|
|
</articleinfo>
|
|
|
|
|
|
|
|
<warning>
|
2015-10-03 17:50:49 +02:00
|
|
|
<para>These manpages are for Shorewall 5.0 and later only. They describe
|
|
|
|
features and options not available on earlier releases. The manpages for
|
2015-10-05 16:51:43 +02:00
|
|
|
Shorewall 4.4-4.6 are available<ulink url="/manpages4/Manpages.html">
|
2015-10-03 17:50:49 +02:00
|
|
|
here</ulink>.</para>
|
2007-07-08 23:33:01 +02:00
|
|
|
</warning>
|
|
|
|
|
|
|
|
<section id="Section5">
|
|
|
|
<title>Section 5 — Files and Concepts</title>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<blockquote>
|
|
|
|
<simplelist>
|
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-accounting.html">accounting</ulink> - Define
|
|
|
|
IP accounting rules.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-actions.html">actions</ulink> -
|
|
|
|
Declare user-defined actions.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2019-02-07 19:42:23 +01:00
|
|
|
<member><ulink
|
|
|
|
url="/manpages/shorewall-addresses.html">addresses</ulink> - Describes
|
|
|
|
how IP address and ports are specified in Shorewall</member>
|
|
|
|
|
2013-01-04 18:17:57 +01:00
|
|
|
<member><ulink url="manpages/shorewall-arprules.html">arprules</ulink>
|
|
|
|
- (Added in Shorewall 4.5.12) Define arpfilter rules.</member>
|
|
|
|
|
2014-02-26 19:30:18 +01:00
|
|
|
<member><ulink url="manpages/shorewall-blrules.html">blrules</ulink> -
|
|
|
|
shorewall Blacklist file.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2012-08-20 20:13:39 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-conntrack.html">conntrack</ulink> - Specify
|
|
|
|
helpers for connections or exempt certain traffic from netfilter
|
|
|
|
connection tracking.</member>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-ecn.html">ecn</ulink> -
|
|
|
|
Disabling Explicit Congestion Notification</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-exclusion.html">exclusion</ulink> - Excluding
|
|
|
|
hosts from a network or zone</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2019-02-07 19:42:23 +01:00
|
|
|
<member><ulink url="/manpages/shorewall-files.html">files</ulink> -
|
|
|
|
Describes the shorewall configuration files</member>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> -
|
|
|
|
Define multiple zones accessed through a single interface</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-interfaces.html">interfaces</ulink> - Define
|
|
|
|
the interfaces on the system and optionally associate them with
|
|
|
|
zones.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2010-09-21 01:00:19 +02:00
|
|
|
<member><ulink url="manpages/shorewall-ipsets.html">ipsets</ulink> -
|
|
|
|
Describes how to specify set names in Shorewall configuration
|
|
|
|
files.</member>
|
|
|
|
|
2017-11-03 18:43:48 +01:00
|
|
|
<member><ulink url="manpages/shorewall-logging.html">logging</ulink> -
|
|
|
|
Provides an overview of Shorewall packet logging facilities</member>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> -
|
|
|
|
Define MAC verification.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2013-12-29 02:31:51 +01:00
|
|
|
<member><ulink url="manpages/shorewall-mangle.html">mangle</ulink> -
|
2014-06-13 13:25:54 +02:00
|
|
|
Supersedes tcrules and describes packet/connection marking.</member>
|
2013-12-29 02:31:51 +01:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-masq.html">masq</ulink> -
|
2018-01-22 19:48:58 +01:00
|
|
|
Define Masquerade/SNAT (deprecated)</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-modules.html">modules</ulink> -
|
2019-02-07 19:42:23 +01:00
|
|
|
Specify which kernel modules to load (Removed in Shorewall
|
|
|
|
5.2.3)</member>
|
|
|
|
|
|
|
|
<member><ulink url="/manpages/shorewall-names.html">names</ulink> -
|
|
|
|
Describes object naming in Shorewall configuration files</member>
|
2007-07-10 01:29:07 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-nat.html">nat</ulink> - Define
|
|
|
|
one-to-one NAT.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-nesting.html">nesting</ulink> -
|
|
|
|
How to define nested zones.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-netmap.html">netmap</ulink> -
|
|
|
|
How to map addresses from one net to another.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-params.html">params</ulink> -
|
|
|
|
Assign values to shell variables used in other files.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-policy.html">policy</ulink> -
|
|
|
|
Define high-level policies for connections between zones.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-providers.html">providers</ulink> - Define
|
2008-08-15 03:26:15 +02:00
|
|
|
routing tables, usually for multiple Internet links.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink>
|
2017-11-03 18:43:48 +01:00
|
|
|
- Define Proxy ARP (IPv4)</member>
|
|
|
|
|
2019-11-28 00:46:57 +01:00
|
|
|
<member><ulink url="manpages/shorewall-proxyndp.html">proxyndp</ulink>
|
|
|
|
- Define Proxy NDP (IPv6)</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2012-08-20 20:13:39 +02:00
|
|
|
<member><ulink url="manpages/shorewall-rtrules.html">rtrules</ulink> -
|
|
|
|
Define routing rules.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2010-11-20 22:51:16 +01:00
|
|
|
<member><ulink url="manpages/shorewall-routes.html">routes</ulink> -
|
|
|
|
(Added in Shorewall 4.4.15) Add additional routes to provider routing
|
|
|
|
tables.</member>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-rules.html">rules</ulink> -
|
|
|
|
Specify exceptions to policies, including DNAT and REDIRECT.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2010-09-08 00:03:05 +02:00
|
|
|
<member><ulink url="manpages/shorewall-secmarks.html">secmarks</ulink>
|
|
|
|
- Attach an SELinux context to a packet.</member>
|
2010-09-06 18:06:40 +02:00
|
|
|
|
2018-01-22 19:48:58 +01:00
|
|
|
<member><ulink url="manpages/shorewall-snat.html">snat</ulink> -
|
|
|
|
Define Masquerade/SNAT</member>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-tcclasses.html">tcclasses</ulink> - Define htb
|
|
|
|
classes for traffic shaping.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-tcdevices.html">tcdevices</ulink> - Specify
|
|
|
|
speed of devices for traffic shaping.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2009-12-26 21:40:16 +01:00
|
|
|
<member><ulink
|
2010-06-10 15:15:15 +02:00
|
|
|
url="manpages/shorewall-tcfilters.html">tcfilters</ulink> - Classify
|
|
|
|
traffic for shaping; often used with an IFB to shape ingress
|
|
|
|
traffic.</member>
|
|
|
|
|
|
|
|
<member><ulink
|
2009-12-26 21:40:16 +01:00
|
|
|
url="manpages/shorewall-tcinterfaces.html">tcinterfaces</ulink> -
|
|
|
|
Specify devices for simplified traffic shaping.</member>
|
|
|
|
|
|
|
|
<member><ulink url="manpages/shorewall-tcpri.html">tcpri</ulink> -
|
|
|
|
Classify traffic for simplified traffic shaping.</member>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-tunnels.html">tunnels</ulink> -
|
|
|
|
Define VPN connections with endpoints on the firewall.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall.conf.html">shorewall.conf</ulink> - Specify
|
|
|
|
values for global Shorewall options.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2017-11-03 18:43:48 +01:00
|
|
|
<member><ulink
|
2019-11-28 00:46:57 +01:00
|
|
|
url="manpages/shorewall.conf.html">shorewall6.conf</ulink> - Specify
|
2017-11-03 18:43:48 +01:00
|
|
|
values for global Shorewall6 options.</member>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-lite.conf.html">shorewall-lite.conf</ulink> -
|
|
|
|
Specify values for global Shorewall Lite options.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2017-11-03 18:43:48 +01:00
|
|
|
<member><ulink
|
|
|
|
url="manpages6/shorewall6-lite.conf.html">shorewall6-lite.conf</ulink>
|
|
|
|
- Specify values for global Shorewall6 Lite options.</member>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-vardir.html">vardir</ulink> -
|
|
|
|
Redefine the directory where Shorewall keeps its state
|
|
|
|
information.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink
|
|
|
|
url="manpages/shorewall-lite-vardir.html">vardir-lite</ulink> -
|
|
|
|
Redefine the directory where Shorewall Lite keeps its state
|
|
|
|
information.</member>
|
2007-07-08 23:33:01 +02:00
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<member><ulink url="manpages/shorewall-zones.html">zones</ulink> -
|
|
|
|
Declare Shorewall zones.</member>
|
|
|
|
</simplelist>
|
|
|
|
</blockquote>
|
2007-07-08 23:33:01 +02:00
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="Section8">
|
|
|
|
<title>Section 8 — Administrative Commands</title>
|
|
|
|
|
2007-08-02 00:11:34 +02:00
|
|
|
<blockquote>
|
|
|
|
<simplelist>
|
|
|
|
<member><ulink url="manpages/shorewall.html">shorewall</ulink> -
|
2017-11-03 18:43:48 +01:00
|
|
|
/sbin/shorewall, /sbin/shorewall6/, /sbin/shorewall-lite and
|
2019-11-28 00:46:57 +01:00
|
|
|
/sbin/shorewall6-lite command syntax and semantics.</member>
|
2007-08-02 00:11:34 +02:00
|
|
|
</simplelist>
|
|
|
|
</blockquote>
|
2007-07-08 23:33:01 +02:00
|
|
|
</section>
|
2008-07-07 22:22:09 +02:00
|
|
|
</article>
|