<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<refentry>
  <refmeta>
    <refentrytitle>shorewall-actions</refentrytitle>

    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>actions</refname>

    <refpurpose>Shorewall action declaration file</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>/etc/shorewall/actions</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>This file allows you to define new ACTIONS for use in rules (see
    <ulink url="shorewall-rules.html">shorewall-rules(5)</ulink>). You define
    the iptables rules to be performed in an ACTION in
    /etc/shorewall/action.<emphasis>action-name</emphasis>.</para>

    <para>Columns are:</para>

    <variablelist>
      <varlistentry>
        <term>NAME</term>

        <listitem>
          <para>The name of the action. ACTION names should begin with an
          upper-case letter to distinguish them from Shorewall-generated chain
          names and be composed of letters, digits or numbers. If you intend
          to log from the action then the name must be no longer than 11
          characters in length if you use the standard LOGFORMAT.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>OPTIONS</term>

        <listitem>
          <para>Added in Shorewall 4.5.10. Available options are:</para>

          <variablelist>
            <varlistentry>
              <term>inline</term>

              <listitem>
                <para>Causes the action body (defined in
                action.<replaceable>action-name</replaceable>) to be expanded
                in-line like a macro rather than in its own chain. You can
                list Shorewall Standard Actions in this file to specify the
                <option>inline</option> option.</para>

                <caution>
                  <para>Some of the Shorewall standard actions cannot be used
                  in-line and will generate a warning and the compiler will
                  ignore <option>inline</option> if you try to use them that
                  way:</para>

                  <simplelist>
                    <member>Broadcast</member>

                    <member>DropSmurfs</member>

                    <member>Invalid</member>

                    <member>NotSyn</member>

                    <member>RST</member>

                    <member>TCPFlags</member>
                  </simplelist>
                </caution>
              </listitem>
            </varlistentry>

            <varlistentry>
              <term>noinline</term>

              <listitem>
                <para>Causes any later <option>inline</option> option for the
                same action to be ignored with a warning.</para>
              </listitem>
            </varlistentry>

            <varlistentry>
              <term>nolog</term>

              <listitem>
                <para>Added in Shorewall 4.5.11. When this option is
                specified, the compiler does not automatically apply the log
                level and/or tag from the invocation of the action to all
                rules inside of the action. Rather, it simply sets the
                $_loglevel and $_logtag shell variables which can be used
                within the action body to apply those logging options only to
                a subset of the rules.</para>
              </listitem>
            </varlistentry>
          </variablelist>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>FILES</title>

    <para>/etc/shorewall/actions</para>
  </refsect1>

  <refsect1>
    <title>See ALSO</title>

    <para><ulink
    url="http://shorewall.net/Actions.html">http://shorewall.net/Actions.html</ulink></para>

    <para>shorewall(8), shorewall-accounting(5), shorewall-blacklist(5),
    shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
    shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
    shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
    shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5),
    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
    shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
    shorewall-zones(5)</para>
  </refsect1>
</refentry>