shorewall-actions5Configuration FilesactionsShorewall action declaration file/etc/shorewall/actionsDescriptionThis file allows you to define new ACTIONS for use in rules (see
shorewall-rules(5)).
You define the iptables rules to be performed in an ACTION in
/etc/shorewall/action.action-name.Columns are:NAMEThe name of the action. ACTION names should begin with an
upper-case letter to distinguish them from Shorewall-generated chain
names and be composed of letters, digits or numbers. If you intend
to log from the action then the name must be no longer than 11
characters in length if you use the standard LOGFORMAT.OPTIONSAdded in Shorewall 4.5.10. Available options are:builtinAdded in Shorewall 4.5.16. Defines the action as a rule
target that is supported by your iptables but is not directly
supported by Shorewall. The action may be used as the rule
target in an INLINE rule in shorewall-rules(5).Beginning with Shorewall 4.6.0, the Netfilter table(s)
in which the builtin can be
used may be specified: filter, nat, mangle and raw. If no table name(s) are given,
then filter is assumed. The
table names follow builtin
and are separated by commas; for example,
"FOOBAR,filter,mangle" would specify FOOBAR as a builtin
target that can be used in the filter and mangle
tables.inlineCauses the action body (defined in
action.action-name) to be expanded
in-line like a macro rather than in its own chain. You can
list Shorewall Standard Actions in this file to specify the
option.Some of the Shorewall standard actions cannot be used
in-line and will generate a warning and the compiler will
ignore if you try to use them that
way:BroadcastDropSmurfsInvalid (Prior to Shorewall 4.5.13)NotSyn (Prior to Shorewall 4.5.13)RST (Prior to Shorewall 4.5.13)TCPFlagsnoinlineCauses any later option for the
same action to be ignored with a warning.nologAdded in Shorewall 4.5.11. When this option is
specified, the compiler does not automatically apply the log
level and/or tag from the invocation of the action to all
rules inside of the action. Rather, it simply sets the
$_loglevel and $_logtag shell variables which can be used
within the action body to apply those logging options only to
a subset of the rules.FILES/etc/shorewall/actionsSee ALSOhttp://www.shorewall.net/Actions.htmlshorewall(8), shorewall-accounting(5), shorewall-blacklist(5),
shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-mangle(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)