Shorewall 4.0 ManpagesTomEastep2007Thomas M. EastepPermission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation
License.These manpages are for Shorewall 4.0 only. They describe features
and options not available on earlier releases.The docbook to manpage translation tool that we are using has some
indentation issues which require us to choose between correct output of
the man command and correctly-indented HTML. We've chosen in favor of the
man command so some of the manpages accessed through the links below have
indentation problems. We're working to resolve these issues and ask for
your patience.Section 5 — Files and Conceptsaccounting - Define IP
accounting rules.actions -
Declare user-defined actions.blacklist
- Static blacklisting.ecn - Disabling
Explicit Congestion Notificationexclusion
- Excluding hosts from a network or zonehosts -
Define multiple zones accessed through a single interfaceinterfaces - Define the
interfaces on the system and optionally associate them with
zones.maclist -
Define MAC verification.masq - Define
Masquerade/SNATmodules -
Specify which kernel modules to load.nat - Define
one-to-one NAT.nesting -
How to define nested zones.netmap - How
to map addresses from one net to another.params -
Assign values to shell variables used in other files.policy -
Define high-level policies for connections between zones.providers
- Define routing tables, usually for mutliple internet links.proxyarp -
Define Proxy ARP.rfc1918 -
Specify address ranges affected by the
interface option.route_rules - Define
routing rules.routestopped -
Specify connections to be permitted when Shorewall is in the stopped
state.rules -
Specify exceptions to policies, including DNAT and REDIRECT.tcclasses
- Define htb classes for traffic shaping.tcdevices
- Specify speed of devices for traffic shaping.tcrules -
Define packet marking rules, usually for traffic shaping.tos - Define
TOS field manipulation.tunnels -
Define VPN connections with endpoints on the firewall.shorewall.conf
- Specify values for global Shorewall options.shorewall-lite.conf -
Specify values for global Shorewall Lite options.vardir -
Redefine the directory where Shorewall keeps its state
information.vardir-lite - Redefine
the directory where Shorewall Lite keeps its state information.zones -
Declare Shorewall zones.lSection 8 — Administrative Commandsshorewall -
/sbin/shorewall command syntax and semantics.shorewall-lite
- /sbin/shorewall-lite command syntax and semantics.