<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<refentry>
<refmeta>
<refentrytitle>shorewall6-lite.conf</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>shorewall6-lite.conf</refname>
<refpurpose>Shorewall6 Lite global configuration file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>/etc/shorewall6-lite/shorewall6-lite.conf</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>This file sets options that apply to Shorewall6 Lite as a
whole.</para>
<para>The file consists of Shell comments (lines beginning with '#'),
blank lines and assignment statements
(<emphasis>variable</emphasis>=<emphasis>value</emphasis>). Each
variable's setting is preceded by comments that describe the variable and
it's effect.</para>
<para>Any option not specified in this file gets its value from the
shorewall6.conf file used during compilation of
/var/lib/shorewall6-lite/firewall. Those settings may be found in the file
/var/lib/shorewall6-lite/firewall.conf.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para>The following options may be set in shorewall6.conf.</para>
<variablelist>
<varlistentry>
<term><emphasis
role="bold">IP6TABLES=</emphasis>[<emphasis>pathname</emphasis>]</term>
<listitem>
<para>This parameter names the ip6tables executable to be used by
Shorewall6. If not specified or if specified as a null value, then
the ip6tables executable located using the PATH option is
used.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">LOGFILE=</emphasis>[<emphasis>pathname</emphasis>]</term>
<listitem>
<para>This parameter tells the /sbin/shorewall6 program where to
look for Shorewall6 messages when processing the <emphasis
role="bold">dump</emphasis>, <emphasis
role="bold">logwatch</emphasis>, <emphasis role="bold">show
log</emphasis>, and <emphasis role="bold">hits</emphasis> commands.
If not assigned or if assigned an empty value, /var/log/messages is
assumed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">LOGFORMAT=</emphasis>[<emphasis
role="bold">"</emphasis><emphasis>formattemplate</emphasis><emphasis
role="bold">"</emphasis>]</term>
<listitem>
<para>The value of this variable generate the --log-prefix setting
for Shorewall6 logging rules. It contains a “printf” formatting
template which accepts three arguments (the chain name, logging rule
number (optional) and the disposition). To use LOGFORMAT with
fireparse, set it as:</para>
<programlisting> LOGFORMAT="fp=%s:%d a=%s "</programlisting>
<para>If the LOGFORMAT value contains the substring “%d” then the
logging rule number is calculated and formatted in that position; if
that substring is not included then the rule number is not included.
If not supplied or supplied as empty (LOGFORMAT="") then
“Shorewall6:%s:%s:” is assumed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">PATH</emphasis><emphasis
role="bold"><emphasis
role="bold">=</emphasis><emphasis>pathname</emphasis>[<emphasis
role="bold">:</emphasis><emphasis>pathname</emphasis>]...</emphasis></term>
<listitem>
<para>Determines the order in which Shorewall6 searches directories
for executable files.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">RESTOREFILE=</emphasis>[<emphasis>filename</emphasis>]</term>
<listitem>
<para>Specifies the simple name of a file in /var/lib/shorewall6 to
be used as the default restore script in the <emphasis
role="bold">shorewall6 save</emphasis>, <emphasis
role="bold">shorewall6 restore</emphasis>, <emphasis
role="bold">shorewall6 forget </emphasis>and <emphasis
role="bold">shorewall6 -f start</emphasis> commands.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">SHOREWALL_SHELL=</emphasis>[<emphasis>pathname</emphasis>]</term>
<listitem>
<para>This option is used to specify the shell program to be used to
interpret the compiled script. If not specified or specified as a
null value, /bin/sh is assumed. Using a light-weight shell such as
ash or dash can significantly improve performance.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">SUBSYSLOCK=</emphasis>[<emphasis>pathname</emphasis>]</term>
<listitem>
<para>This parameter should be set to the name of a file that the
firewall should create if it starts successfully and remove when it
stops. Creating and removing this file allows Shorewall6 to work
with your distribution's initscripts. For RedHat, this should be set
to /var/lock/subsys/shorewall6. For Debian, the value is
/var/state/shorewall6 and in LEAF it is /var/run/shorwall.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">VERBOSITY=</emphasis>[<emphasis
role="bold"><emphasis>number</emphasis></emphasis>]</term>
<listitem>
<para>Shorewall6 has traditionally been very noisy (produced lots of
output). You may set the default level of verbosity using the
VERBOSITY OPTION.</para>
<para>Values are:</para>
<simplelist>
<member>0 - Silent. You may make it more verbose using the -v
option</member>
<member>1 - Major progress messages displayed</member>
<member>2 - All progress messages displayed (old default
behavior)</member>
</simplelist>
<para>If not specified, then 2 is assumed.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FILES</title>
<para>/etc/shorewall6-lite/shorewall6.conf</para>
</refsect1>
<refsect1>
<title>See ALSO</title>
<para><ulink
url="http://www.shorewall.net/Documentation_Index.html">http://www.shorewall.net/Documentation_Index.html</ulink></para>
<para>shorewall6-lite(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5),
shorewall6-nat(5), shorewall6-netmap(5), shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5),
shorewall6-route_rules(5), shorewall6-routestopped(5),
shorewall6-rules(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
shorewall6-zones(5)</para>
</refsect1>
</refentry>