<?xml version="1.0" encoding="UTF-8"?> <refentry> <refmeta> <refentrytitle>shorewall-rfc1918</refentrytitle> <manvolnum>5</manvolnum> </refmeta> <refnamediv> <refname>rfc1918</refname> <refpurpose>Shorewall file</refpurpose> </refnamediv> <refsynopsisdiv> <cmdsynopsis> <command>/usr/share/shorewall/rfc1918</command> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>Description</title> <para>The rfc1918 file determines the handling of connections under the norfc1918 option in <ulink url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). Do not modify <filename>/usr/share/shorewall/rfc1918</filename>; if you need to change norfc1918 handling, then copy <filename>/usr/share/shorewall/rfc1918</filename> to <filename>/etc/shorewall/rfc1918</filename> and modify the copy.</para> <para>The released version of this file logs and drops packets from the three address ranges reserved by RFC 1918:</para> <blockquote> <programlisting>10.0.0.0/8 172.16.0.0/12 192.168.0.0/16</programlisting> </blockquote> <para>The columns in the file are as follows.</para> <variablelist> <varlistentry> <term><emphasis role="bold">SUBNET - <replaceable>address</replaceable></emphasis></term> <listitem> <para>Subnet address in CIDR format.</para> </listitem> </varlistentry> <varlistentry> <term><emphasis role="bold">TARGET</emphasis> - {<emphasis role="bold">RETURN</emphasis>|<emphasis role="bold">DROP</emphasis>|<emphasis role="bold">logdrop</emphasis>}</term> <listitem> <para><emphasis role="bold">RETURN</emphasis> causes packets to/from the specified subnet to be processed normally by the applicable rules and policies.</para> <para><emphasis role="bold">DROP</emphasis> causes packets from the specified subnet to be silently dropped.</para> <para><emphasis role="bold">logdrop</emphasis> causes packets from the specified subnet to be logged at the level specified by the RFC1918_LOG_LEVEL option in <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> </listitem> </varlistentry> </variablelist> <para>Also, please see the RFC1918_STRICT option in <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).</para> </refsect1> <refsect1> <title>FILES</title> <para>/usr/share/shorewall/rfc1918</para> <para>/etc/shorewall/rfc1918</para> </refsect1> <refsect1> <title>See ALSO</title> <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para> </refsect1> </refentry>