Shorewall 4.4-4.6 Manpages
Tom Eastep
2007-2014
Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.
These manpages are for Shorewall 4.4 and later only. They describe features and options not available on earlier releases.
Section 5 — Files and Concepts
accounting - Define IP accounting rules.
actions - Declare user-defined actions.
arprules - (Added in Shorewall 4.5.12) Define arpfilter rules.
blacklist - Static blacklisting (deprecated).
blrules - Shorewall blacklist file.
conntrack - Specify helpers for connections or exempt certain traffic from netfilter connection tracking.
ecn - Disabling Explicit Congestion Notification.
exclusion - Excluding hosts from a network or zone.
hosts - Define multiple zones accessed through a single interface.
interfaces - Define the interfaces on the system and optionally associate them with zones.
ipsets - Describes how to specify set names in Shorewall configuration files.
maclist - Define MAC verification.
mangle - Supersedes tcrules and describes packet/connection marking.
masq - Define Masquerade/SNAT.
modules - Specify which kernel modules to load.
nat - Define one-to-one NAT.
nesting - How to define nested zones.
netmap - How to map addresses from one net to another.
notrack - Exclude certain traffic from Netfilter connection tracking.
params - Assign values to shell variables used in other files.
policy - Define high-level policies for connections between zones.
providers - Define routing tables, usually for multiple Internet links.
proxyarp - Define Proxy ARP.
rtrules - Define routing rules.
routes - (Added in Shorewall 4.4.15) Add additional routes to provider routing tables.
routestopped - Specify connections to be permitted when Shorewall is in the stopped state (deprecated in Shorewall 4.5.8 in favor of the stoppedrules file).
rules - Specify exceptions to policies, including DNAT and REDIRECT.
secmarks - Attach an SELinux context to a packet.
tcclasses - Define htb classes for traffic shaping.
tcdevices - Specify speed of devices for traffic shaping.
tcfilters - Classify traffic for shaping; often used with an IFB to shape ingress traffic.
tcinterfaces - Specify devices for simplified traffic shaping.
tcpri - Classify traffic for simplified traffic shaping.
stoppedrules - Specify connections to be permitted when Shorewall is in the stopped state (added in Shorewall 4.5.8).
tcrules - Define packet marking rules, usually for traffic shaping. Superseded by mangle (above) in Shorewall 4.6.0.
tos - Define TOS field manipulation.
tunnels - Define VPN connections with endpoints on the firewall.
shorewall.conf - Specify values for global Shorewall options.
shorewall-lite.conf - Specify values for global Shorewall Lite options.
vardir - Redefine the directory where Shorewall keeps its state information.
vardir-lite - Redefine the directory where Shorewall Lite keeps its state information.
zones - Declare Shorewall zones.
Section 8 — Administrative Commands
shorewall - /sbin/shorewall command syntax and semantics.
shorewall-init - Companion package that allows for automatic start/stop of other Shorewall products based on network events.
shorewall-lite - /sbin/shorewall-lite command syntax and semantics.