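###############################################################################
#  /etc/shorewall-lite/shorewall.conf V3.0 - Change the following variables to
#                                            match your setup
#
#  This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
#  This file should be placed in /etc/shorewall-lite
#
#  (c) 2006 - Tom Eastep (teastep@shorewall.net)
#
#  NOTE(review): every setting below is a shell-style NAME=value assignment on
#  its own line, and every comment is a full line starting with '#'. If the
#  line breaks are lost, the assignments are swallowed by the preceding comment
#  and none of them takes effect.
#
#  NOTE(review): this file is read by /sbin/shorewall-lite, which manages the
#  firewall with root privileges. Keep the file owned by root and not writable
#  by any other user: whoever can edit it chooses the search PATH, the shell
#  and the restore script used by the firewall tooling.
###############################################################################
#                             V E R B O S I T Y
###############################################################################
#
# Shorewall has traditionally been very noisy. You may now set the default
# level of verbosity here.
#
# Values are:
#
#       0 -- Silent. You may make it more verbose using the -v option
#       1 -- Major progress messages displayed
#       2 -- All progress messages displayed (old default behavior)
#
# If not specified, then 2 is assumed

VERBOSITY=1

###############################################################################
#                              L O G G I N G
###############################################################################
#
# LOG FILE LOCATION
#
# This variable tells the /sbin/shorewall-lite program where to look for
# Shorewall Lite log messages. If not set or set to an empty string (e.g.,
# LOGFILE="") then /var/log/messages is assumed.
#
# WARNING: The LOGFILE variable simply tells the 'shorewall-lite' program where
#          to look for Shorewall messages. It does NOT control the destination
#          for these messages. For information about how to do that, see
#
#              http://www.shorewall.net/shorewall_logging.html
#

LOGFILE=/var/log/messages

#
# LOG FORMAT
#
# Shell 'printf' Formatting template for the --log-prefix value in log messages
# generated by Shorewall Lite to identify Shorewall Lite log messages. The
# value specified here will be used when generating log messages provided that
# no value was supplied for LOGFORMAT in the shorewall.conf used to compile
# the firewall script.
#
# The supplied template is expected to accept either two or three arguments;
# the first is the chain name, the second (optional) is the logging rule number
# within that chain and the third is the ACTION specifying the disposition of
# the packet being logged. You must use the %d formatting type for the rule
# number; if your template does not contain %d then the rule number will not be
# included.
#
# If you want to integrate Shorewall with fireparse, then set LOGFORMAT as:
#
#       LOGFORMAT="fp=%s:%d a=%s "
#
# If not specified or specified as empty (LOGFORMAT="") then the value
# "Shorewall:%s:%s:" is assumed.
#
# CAUTION: /sbin/shorewall-lite uses the leading part of the LOGFORMAT string
# (up to but not including the first '%') to find log messages in the 'show
# log', 'status' and 'hits' commands. This part should not be omitted (the
# LOGFORMAT should not begin with "%") and the leading part should be
# sufficiently unique for /sbin/shorewall-lite to identify Shorewall Lite
# messages.
#
# NOTE(review): the value below is the two-argument form (chain name and
# ACTION). It contains no %d, so the rule number is not part of the prefix.
# Anything that searches or alerts on firewall log lines should key on the
# leading "Shorewall:" part, and must be updated if that part is changed.
#

LOGFORMAT="Shorewall:%s:%s:"

###############################################################################
#       L O C A T I O N   O F   F I L E S   A N D   D I R E C T O R I E S
###############################################################################
#
# IPTABLES
#
# Full path to iptables executable Shorewall uses to build the firewall. If
# not specified or if specified with an empty value (e.g., IPTABLES="") then
# the iptables executable located via the PATH setting below is used.
#
# NOTE(review): with the empty value below, which iptables binary runs depends
# on the PATH search order. Setting an absolute path here removes that
# dependency.
#

IPTABLES=

#
# PATH - Change this if you want to change the order in which Shorewall
# searches directories for executable files.
#
# NOTE(review): keep only absolute directories that are owned by root and not
# writable by unprivileged users, and keep the system directories ahead of
# /usr/local. Do not add an empty entry or "." to this list.
#

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

#
# SHELL
#
# The firewall script is normally interpreted by /bin/sh. If you wish to change
# the shell used to interpret that script, specify the shell here.
#
# NOTE(review): give an absolute path to a root-owned shell; the firewall
# script is interpreted by whatever is named here.
#

SHOREWALL_SHELL=/bin/sh

# SUBSYSTEM LOCK FILE
#
# Set this to the name of the lock file expected by your init scripts. For
# RedHat, this should be /var/lock/subsys/shorewall. If your init scripts don't
# use lock files, set this to "".
#
# NOTE(review): the value below names 'shorewall-lite' while the text above
# names 'shorewall'; presumably the Shorewall Lite init script expects the
# former. Confirm against the init script installed on this host.
#

SUBSYSLOCK=/var/lock/subsys/shorewall-lite

# RESTORE SCRIPT
#
# This option determines the script to be run in the following cases:
#
#       shorewall-lite -f start
#       shorewall-lite restore
#       shorewall-lite save
#       shorewall-lite forget
#       Failure of shorewall-lite start or shorewall-lite restart
#
# The value of the option must be the name of an executable file in the
# directory /var/lib/shorewall-lite. If this option is not set or if it
# is set to the empty value (RESTOREFILE="") then RESTOREFILE=restore is
# assumed.
#
# NOTE(review): this is a plain file name, not a path. The named script is
# executed by the commands listed above, so /var/lib/shorewall-lite and the
# script itself should be writable by root only.
#

RESTOREFILE=restore

#LAST LINE -- DO NOT REMOVE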