<?xml version="1.0" encoding="UTF-8"?>
<refentry>
  <refmeta>
    <refentrytitle>shorewall-rfc1918</refentrytitle>

    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>rfc1918</refname>

    <refpurpose>Shorewall file</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>/usr/share/shorewall/rfc1918</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>The rfc1918 file determines the handling of connections under the
    norfc1918 option in <ulink
    url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). Do not
    modify <filename>/usr/share/shorewall/rfc1918</filename>; if you need to
    change norfc1918 handling, then copy
    <filename>/usr/share/shorewall/rfc1918</filename> to
    <filename>/etc/shorewall/rfc1918</filename> and modify the copy.</para>

    <para>The released version of this file logs and drops packets from the
    three address ranges reserved by RFC 1918:</para>

    <blockquote>
      <programlisting>10.0.0.0/8
172.16.0.0/12
192.168.0.0/16</programlisting>
    </blockquote>

    <para>The columns in the file are as follows.</para>

    <variablelist>
      <varlistentry>
        <term><emphasis role="bold">SUBNET -
        <replaceable>address</replaceable></emphasis></term>

        <listitem>
          <para>Subnet address in CIDR format.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><emphasis role="bold">TARGET</emphasis> - {<emphasis
        role="bold">RETURN</emphasis>|<emphasis
        role="bold">DROP</emphasis>|<emphasis
        role="bold">logdrop</emphasis>}</term>

        <listitem>
          <para><emphasis role="bold">RETURN</emphasis> causes packets to/from
          the specified subnet to be processed normally by the applicable
          rules and policies.</para>

          <para><emphasis role="bold">DROP</emphasis> causes packets from the
          specified subnet to be silently dropped.</para>

          <para><emphasis role="bold">logdrop</emphasis> causes packets from
          the specified subnet to be logged at the level specified by the
          RFC1918_LOG_LEVEL option in <ulink
          url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
        </listitem>
      </varlistentry>
    </variablelist>

    <para>Also, please see the RFC1918_STRICT option in <ulink
    url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
  </refsect1>

  <refsect1>
    <title>FILES</title>

    <para>/usr/share/shorewall/rfc1918</para>

    <para>/etc/shorewall/rfc1918</para>
  </refsect1>

  <refsect1>
    <title>See ALSO</title>

    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
    shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
    shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
    shorewall-zones(5)</para>
  </refsect1>
</refentry>