Shorewall6 4.4-4.6 Manpages
Tom
Eastep
2007-2014
Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation
License
.
These manpages are for Shorewall6 4.4 and later only. They describe
features and options not available on earlier releases.
Section 5 — Files and Concepts
accounting - Define
IP accounting rules.
actions
- Declare user-defined actions.
blacklist - Static
blacklisting (deprecated)
blrules
- shorewall6 Blacklist file.
conntrack - Specify
helpers for connections or exempt certain traffic from netfilter
connection tracking.
exclusion -
Excluding hosts from a network or zone
hosts -
Define multiple zones accessed through a single interface
interfaces - Define
the interfaces on the system and optionally associate them with
zones.
maclist
- Define MAC verification.
mangle -
Supersedes tcrules and describes packet/connection marking.
masq -
Define Masquerade/SNAT
modules
- Specify which kernel modules to load.
nat -
(added in Shorewall 4.6.4) Specify 1:1 NAT
nesting
- How to define nested zones.
notrack
- Exclude certain traffic from Netfilter6 connection tracking (renamed
conntrack in
Shorewall 4.5.7)
params -
Assign values to shell variables used in other files.
policy -
Define high-level policies for connections between zones.
providers - Define
routing tables, usually for multiple Internet links.
proxyndp - Defines
Proxy NDP
rtrules
- Define routing rules.
routes -
(Added in Shorewall 4.4.15) Add additional routes to provider routing
tables.
routestopped -
Specify connections to be permitted when Shorewall6 is in the stopped
state (Deprecated in Shoreall 4.5.8).
rules -
Specify exceptions to policies, including DNAT and REDIRECT.
secmarks - Attached
an SELinux context to a packet.
stoppedrules -
Specify connections to be permitted when Shorewall6 is in the stopped
state (Added in Shoreall 4.5.8).
tcclasses - Define
htb classes for traffic shaping.
tcdevices - Specify
speed of devices for traffic shaping.
tcinterfaces -
Specify interfaces for simplified traffic shaping.
tcpri -
Classify traffic for simplified traffic shaping.
tcrules
- Define packet marking rules, usually for traffic shaping. Superseded
by mangle (above) in Shorewall 4.6.0.
tos -
Define TOS field manipulation.
tunnels
- Define VPN connections with endpoints on the firewall.
shorewall6.conf - Specify
values for global Shorewall6 options.
shorewall6-lite.conf
- Specify values for global Shorewall6 Lite options.
vardir -
Redefine the directory where Shorewall6 keeps its state
information.
vardir-lite -
Redefine the directory where Shorewall6 Lite keeps its state
information.
zones -
Declare Shorewall6 zones.
Section 8 — Administrative Commands
shorewall6 -
/sbin/shorewall6 command syntax and semantics.
shorewall6-lite -
/sbin/shorewall6-lite command syntax and semantics.