shorewall6-rtrules(5)
Configuration Files
rtrules - Shorewall6 Routing Rules file
/etc/shorewall6/rtrules
Description
Entries in this file cause traffic to be routed to one of the
providers listed in shorewall6-providers(5).
The columns in the file are as follows.
SOURCE (Optional) - {-|interface|address|interface:<address>}
An IP address (network or host) that
matches the source IP address in a packet. May also be specified as
an interface name optionally followed by ":"
and an address. If the device lo is
specified, the packet must originate from the firewall
itself.
Beginning with Shorewall 4.5.0, you may specify
&interface in this column to indicate
that the source is the primary IP address of the named
interface.
Beginning with Shorewall 4.6.8, you may specify a
comma-separated list of addresses in this column.
DEST (Optional) - {-|address}
An IP address (network or host) that matches the destination
IP address in a packet.
If you choose to omit either SOURCE or DEST, place "-" in that column. Note that you
may not omit both SOURCE and
DEST.
Beginning with Shorewall 4.6.8, you may specify a
comma-separated list of addresses in this column.
PROVIDER -
{provider-name|provider-number|main}
The provider to route the traffic through. May be expressed
either as the provider name or the provider number. May also be
main or 254 for the main routing
table. This can be used in combination with VPN tunnels; see example
2 below.
PRIORITY -
priority
The rule's numeric priority which
determines the order in which the rules are processed. Rules with
equal priority are applied in the order in which they appear in the
file.
1000-1999
Before Shorewall6-generated 'MARK' rules
11000-11999
After 'MARK' rules but before Shorewall6-generated rules
for ISP interfaces.
26000-26999
After ISP interface rules but before 'default'
rule.
MARK -
{-|mark[/mask]}
Optional -- added in Shorewall 4.4.25. For this rule to be
applied to a packet, the packet's mark value must match the
mark when logically ANDed with the
mask. If a
mask is not supplied, Shorewall supplies
a suitable provider mask.
Examples
Example 1:
You want all traffic coming in on eth1 to be routed to the
ISP1 provider.
#SOURCE  DEST  PROVIDER  PRIORITY  MARK
eth1     -     ISP1      1000
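The following is an added example, not part of the Shorewall documentation or code: a small Python check that reads rtrules entries, rejects lines that omit both SOURCE and DEST, names the documented priority band for each entry, and returns the entries in the order they are processed. The function names, the ISP2 provider, the 2001:db8 prefix and the mark values are constructed for illustration, and comparing both marks under the mask is an assumption about how the match is applied.

```python
BANDS = [  # PRIORITY ranges listed on this page
    (1000, 1999, "before MARK rules"),
    (11000, 11999, "after MARK rules, before ISP interface rules"),
    (26000, 26999, "after ISP interface rules, before default rule")]

def band(priority):
    """Name the documented band a priority falls in, or None if outside all."""
    return next((name for lo, hi, name in BANDS if lo <= priority <= hi), None)

def parse_mark(field):
    """Split the MARK column into (mark, mask); mask is None when omitted."""
    if field == "-":
        return None
    value, _, mask = field.partition("/")
    return int(value, 0), (int(mask, 0) if mask else None)

def mark_matches(packet_mark, mark, mask):
    """True when the packet mark equals the rule mark under the mask."""
    return (packet_mark & mask) == (mark & mask)

def parse_rtrules(text):
    """Return (entries in processing order, [(line number, problem)])."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()  # drop comments, split columns
        if not cols:
            continue
        if not 4 <= len(cols) <= 5 or not cols[3].isdigit():
            problems.append((lineno, "need SOURCE DEST PROVIDER PRIORITY [MARK]"))
            continue
        if cols[0] == "-" and cols[1] == "-":
            problems.append((lineno, "SOURCE and DEST may not both be omitted"))
            continue
        prio = int(cols[3])
        entries.append({"line": lineno, "source": cols[0].split(","),
                        "dest": cols[1].split(","), "provider": cols[2],
                        "priority": prio, "band": band(prio),
                        "mark": parse_mark(cols[4] if len(cols) == 5 else "-")})
    # sorted() is stable, so equal priorities keep their order in the file
    return sorted(entries, key=lambda e: e["priority"]), problems

# Constructed sample; only the eth1 entry comes from Example 1 on this page.
SAMPLE = """\
#SOURCE  DEST              PROVIDER  PRIORITY  MARK
eth1     -                 ISP1      1000
-        2001:db8:10::/48  main      1000
lo       -                 ISP2      11000     0x200/0xff00
-        -                 ISP1      26000
"""
```

Entries whose priority falls outside the three listed ranges are kept with a band of None rather than rejected, since the page does not say such priorities are invalid.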
FILES
/etc/shorewall6/rtrules
SEE ALSO
http://www.shorewall.net/MultiISP.html
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shorewall6-netmap(5), shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-routestopped(5),
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-mangle(5),
shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)