############################################################################### # /etc/shorewall-lite/shorewall.conf V3.3 - Change the following variables to # match your setup # # This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] # # This file should be placed in /etc/shorewall-lite # # (c) 2006 - Tom Eastep (teastep@shorewall.net) # ############################################################################### # N 0 T E ############################################################################### # Entries in this file override entries in the shorewall.conf file in the # export directory when the firewall script was compiled. Any variable # not set here assumes the value defined at firewall compilation time. # # PROVIDED THAT shorewall.conf IN THE EXPORT DIRECTORY IS CORRECT, YOU DO NOT # NEED TO MODIFY THIS FILE IN ANY WAY ############################################################################### # V E R B O S I T Y ############################################################################### # # Shorewall has traditionally been very noisy. You may now set the default # level of verbosity here. # # Values are: # # 0 -- Silent. You may make it more verbose using the -v option # 1 -- Major progress messages displayed # 2 -- All progress messages displayed (old default behavior) # VERBOSITY= ############################################################################### # L O G G I N G ############################################################################### # # LOG FILE LOCATION # # This variable tells the /sbin/shorewall-lite program where to look for Shorewall # Lite log messages. # # WARNING: The LOGFILE variable simply tells the 'shorewall-lite' program where # to look for Shorewall messages.It does NOT control the destination for # these messages. For information about how to do that, see # # http://www.shorewall.net/shorewall_logging.html # LOGFILE= # # LOG FORMAT # # Shell 'printf' Formatting template for the --log-prefix value in log messages # generated by Shorewall Lite to identify Shorewall Lite log messages. The # value specified here will be used when generating log messages provided that # no value was supplied for LOGFORMAT in the shorewall.conf used to compile # the firewall script. # # The supplied template is expected to accept either two or three arguments; # the first is the chain name, the second (optional) is the logging rule number # within that chain and the third is the ACTION specifying the disposition of # the packet being logged. You must use the %d formatting type for the rule # number; if your template does not contain %d then the rule number will not be # included. # # If you want to integrate Shorewall with fireparse, then set LOGFORMAT as: # # LOGFORMAT="fp=%s:%d a=%s " # # Beginning with Shorewall 3.3.3, The contents of LOGFORMAT determine the # maximum length of a Shorewall zone name. LOGFORMAT must produce a string no # longer than 29 bytes when passed the chain name, [rule number], and 'ACCEPT'. # Using the default LOGFORMAT, the name of a chain must be 11 characters or # less; since chain names are often of the form 2, zone names are # limited to 5 characters using the default LOGFORMAT. In contrast, if # LOGFORMAT="FW:%s:%s:", then zone names can be as long as 8 characters. # LOGFORMAT= ############################################################################### # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S ############################################################################### # # IPTABLES # # Full path to iptables executable Shorewall uses to build the firewall. # IPTABLES= # # PATH - Change this if you want to change the order in which Shorewall # searches directories for executable files. # PATH= # # SHELL # # The firewall script is normally interpreted by /bin/sh. If you wish to change # the shell used to interpret that script, specify the shell here. # SHOREWALL_SHELL= # SUBSYSTEM LOCK FILE # # Set this to the name of the lock file expected by your init scripts. For # RedHat, this should be /var/lock/subsys/shorewall-lite. If your init scripts # don't use lock files, set this to "". # SUBSYSLOCK= # RESTORE SCRIPT # # This option determines the script to be run in the following cases: # # shorewall-lite -f start # shorewall-lite restore # shorewall-lite save # shorewall-lite forget # Failure of shorewall-lite start or shorewall-lite restart # # The value of the option must be the name of an executable file in the # directory /var/lib/shorewall-lite. # RESTOREFILE= # # Include the settings derived from the configuration on the administrative system # #LAST LINE -- DO NOT REMOVE