Shorewall 5.* Manpages
Tom
Eastep
2007-2019
Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation
License
.
These manpages are for Shorewall 5.0 and later only. They describe
features and options not available on earlier releases. The manpages for
Shorewall 4.4-4.6 are available
here.
Section 5 — Files and Concepts
accounting - Define
IP accounting rules.
actions -
Declare user-defined actions.
addresses - Describes
how IP address and ports are specified in Shorewall
arprules
- (Added in Shorewall 4.5.12) Define arpfilter rules.
blrules -
shorewall Blacklist file.
conntrack - Specify
helpers for connections or exempt certain traffic from netfilter
connection tracking.
ecn -
Disabling Explicit Congestion Notification
exclusion - Excluding
hosts from a network or zone
files -
Describes the shorewall configuration files
hosts -
Define multiple zones accessed through a single interface
interfaces - Define
the interfaces on the system and optionally associate them with
zones.
ipsets -
Describes how to specify set names in Shorewall configuration
files.
logging -
Provides an overview of Shorewall packet logging facilities
maclist -
Define MAC verification.
mangle -
Supersedes tcrules and describes packet/connection marking.
masq -
Define Masquerade/SNAT (deprecated)
modules -
Specify which kernel modules to load (Removed in Shorewall
5.2.3)
names -
Describes object naming in Shorewall configuration files
nat - Define
one-to-one NAT.
nesting -
How to define nested zones.
netmap -
How to map addresses from one net to another.
params -
Assign values to shell variables used in other files.
policy -
Define high-level policies for connections between zones.
providers - Define
routing tables, usually for multiple Internet links.
proxyarp
- Define Proxy ARP (IPv4)
proxyndp
- Define Proxy NDP (IPv6)
rtrules -
Define routing rules.
routes -
(Added in Shorewall 4.4.15) Add additional routes to provider routing
tables.
rules -
Specify exceptions to policies, including DNAT and REDIRECT.
secmarks
- Attach an SELinux context to a packet.
snat -
Define Masquerade/SNAT
tcclasses - Define htb
classes for traffic shaping.
tcdevices - Specify
speed of devices for traffic shaping.
tcfilters - Classify
traffic for shaping; often used with an IFB to shape ingress
traffic.
tcinterfaces -
Specify devices for simplified traffic shaping.
tcpri -
Classify traffic for simplified traffic shaping.
tunnels -
Define VPN connections with endpoints on the firewall.
shorewall.conf - Specify
values for global Shorewall options.
shorewall6.conf - Specify
values for global Shorewall6 options.
shorewall-lite.conf -
Specify values for global Shorewall Lite options.
shorewall6-lite.conf
- Specify values for global Shorewall6 Lite options.
vardir -
Redefine the directory where Shorewall keeps its state
information.
vardir-lite -
Redefine the directory where Shorewall Lite keeps its state
information.
zones -
Declare Shorewall zones.
Section 8 — Administrative Commands
shorewall -
/sbin/shorewall, /sbin/shorewall6/, /sbin/shorewall-lite and
/sbin/shorewall6-lite command syntax and semantics.