Shorewall 3.x Documentation
Tom Eastep
2006-03-10
2001-2006 Thomas M. Eastep
3.0.0
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation License.
This article applies to Shorewall 3.0 and
later. If you are running a version of Shorewall earlier than Shorewall
3.0.0 then please see the documentation for that
release.
The complete Shorewall Documentation is available for download
in both Docbook XML and HTML formats.
Frequently asked questions: FAQs
If you are new to Shorewall, please read these two articles
first.
Introduction to Shorewall
QuickStart Guides (HOWTOS)
The following article is also recommended reading for
newcomers.
Configuration File Basics
Comments in configuration files
Line Continuation
INCLUDE Directive
Port Numbers/Service Names
Port Ranges
Using Shell Variables
Using DNS Names
Complementing an IP address or Subnet
IP Address Ranges
Shorewall Configurations (making a test configuration)
Using MAC Addresses in Shorewall
The remainder of the Documentation supplements the QuickStart Guides.
Please review the appropriate guide before trying to use this documentation
directly.
This index is in alphabetical order.
2.6 Kernel
Accounting
Actions
Aliased (virtual) Interfaces (e.g., eth0:0)
Bandwidth Control
Blacklisting
Static Blacklisting using /etc/shorewall/blacklist
Dynamic Blacklisting using /sbin/shorewall
Bridging
Bridge/Firewall (control traffic through the bridge)
Simple Bridge (don't need to control traffic through the bridge)
Commands (Description of all /sbin/shorewall commands)
Compiled Firewall Programs (Shorewall 3.1 and later)
Configuration File Reference Manual
accounting
actions and action.template
blacklist
hosts
interfaces
ipsec
maclist
macros and macro.template
masq
modules
nat
netmap
params
policy
providers
proxyarp
rfc1918
routestopped
rules
shorewall.conf
tcclasses
tcdevices
tcrules
tos
tunnels
usersets and users
zones
Corporate Network Example (Contributed by a Graeme Boyle)
DHCP
ECN Disabling by host or subnet
Error Messages
Extension Scripts (How to extend Shorewall without modifying Shorewall
code through the use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)
Fallback/Uninstall
FAQs
Features
Forwarding Traffic on the Same Interface
FTP and Shorewall
Getting help or answers to questions
Installation/Upgrade
IPP2P
IPSEC
IPSEC using Kernel 2.6 and Shorewall 2.1 or Later.
Ipsets
Kazaa Filtering
Kernel Configuration
Logging
Macros
MAC Verification
Multiple Internet Connections from a Single Firewall
Multiple Zones Through One Interface
My Shorewall Configuration (How I personally use Shorewall)
Netfilter Overview
Network Mapping
One-to-one NAT (Static NAT)
OpenVPN
Operating Shorewall
Packet Processing in a Shorewall-based Firewall
'Ping' Management
Port Information
Which applications use which ports
Ports used by Trojans
Port Knocking and Other Uses of the 'Recent Match'
PPTP
Proxy ARP
Release Model
Requirements
Routing and Shorewall
Routing on One Interface
Samba
Shorewall Setup Guide
Introduction
Shorewall Concepts
Network Interfaces
Addressing, Subnets and Routing
IP Addresses
Subnets
Routing
Address Resolution Protocol (ARP)
RFC 1918
Setting up your Network
Routed
Non-routed
SNAT
DNAT
Proxy ARP
One-to-one NAT
Rules
Odds and Ends
DNS
Starting and Stopping the Firewall
SMB
Squid with Shorewall
Starting/stopping the Firewall
Description of all /sbin/shorewall commands
How to safely test a Shorewall configuration change
Static (one-to-one) NAT
Support
Traffic Accounting
Traffic Shaping/QOS
Troubleshooting (Things to try if it doesn't work)
UPnP
Upgrade Issues
VPN
6to4
Basics
GRE and IPIP
IPSEC
IPSEC/PPTP passthrough from a system behind your firewall to a remote network
OpenVPN (My personal choice)
Other VPN types
PPTP
White List Creation
Xen
Xen the way that I use it
Tight Firewall in Xen Dom0