Shorewall6 4.4-4.6 Manpages Tom Eastep 2007-2014 Thomas M. Eastep Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. These manpages are for Shorewall6 4.4 and later only. They describe features and options not available on earlier releases.
Section 5 — Files and Concepts
accounting - Define IP accounting rules. actions - Declare user-defined actions. blacklist - Static blacklisting (deprecated) blrules - shorewall6 Blacklist file. conntrack - Specify helpers for connections or exempt certain traffic from netfilter connection tracking. exclusion - Excluding hosts from a network or zone hosts - Define multiple zones accessed through a single interface interfaces - Define the interfaces on the system and optionally associate them with zones. maclist - Define MAC verification. mangle - Supersedes tcrules and describes packet/connection marking. masq - Define Masquerade/SNAT modules - Specify which kernel modules to load. nat - (added in Shorewall 4.6.4) Specify 1:1 NAT nesting - How to define nested zones. notrack - Exclude certain traffic from Netfilter6 connection tracking (renamed conntrack in Shorewall 4.5.7) params - Assign values to shell variables used in other files. policy - Define high-level policies for connections between zones. providers - Define routing tables, usually for multiple Internet links. proxyndp - Defines Proxy NDP rtrules - Define routing rules. routes - (Added in Shorewall 4.4.15) Add additional routes to provider routing tables. routestopped - Specify connections to be permitted when Shorewall6 is in the stopped state (Deprecated in Shoreall 4.5.8). rules - Specify exceptions to policies, including DNAT and REDIRECT. secmarks - Attached an SELinux context to a packet. stoppedrules - Specify connections to be permitted when Shorewall6 is in the stopped state (Added in Shoreall 4.5.8). tcclasses - Define htb classes for traffic shaping. tcdevices - Specify speed of devices for traffic shaping. tcinterfaces - Specify interfaces for simplified traffic shaping. tcpri - Classify traffic for simplified traffic shaping. tcrules - Define packet marking rules, usually for traffic shaping. Superseded by mangle (above) in Shorewall 4.6.0. tos - Define TOS field manipulation. tunnels - Define VPN connections with endpoints on the firewall. shorewall6.conf - Specify values for global Shorewall6 options. shorewall6-lite.conf - Specify values for global Shorewall6 Lite options. vardir - Redefine the directory where Shorewall6 keeps its state information. vardir-lite - Redefine the directory where Shorewall6 Lite keeps its state information. zones - Declare Shorewall6 zones.
Section 8 — Administrative Commands
shorewall6 - /sbin/shorewall6 command syntax and semantics. shorewall6-lite - /sbin/shorewall6-lite command syntax and semantics.