ae9d76b881
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3971 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
###############################################################################
# /etc/shorewall/shorewall.conf V3.0 - Change the following variables to
# match your setup
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# This file should be placed in /etc/shorewall
#
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
#
###############################################################################
# V E R B O S I T Y
###############################################################################
#
# Shorewall has traditionally been very noisy. You may now set the default
# level of verbosity here.
#
# Values are:
#
# 0 -- Silent. You may make it more verbose using the -v option
# 1 -- Major progress messages displayed
# 2 -- All progress messages displayed (old default behavior)
#
# If not specified, then 2 is assumed
VERBOSITY=1
###############################################################################
# L O G G I N G
###############################################################################
#
# General note about log levels. Log levels are a method of describing
# to syslog (8) the importance of a message and a number of parameters
# in this file have log levels as their value.
#
# These levels are defined by syslog and are used to determine the destination
# of the messages through entries in /etc/syslog.conf (5). The syslog
# documentation refers to these as "priorities"; Netfilter calls them "levels"
# and Shorewall also uses that term.
#
# Valid levels are:
#
# 7 debug
# 6 info
# 5 notice
# 4 warning
# 3 err
# 2 crit
# 1 alert
# 0 emerg
#
# For most Shorewall logging, a level of 6 (info) is appropriate. Shorewall
# log messages are generated by Netfilter and are logged using facility
# 'kern' and the level that you specify. If you are unsure of the level
# to choose, 6 (info) is a safe bet. You may specify levels by name or by
# number.
#
# If you have built your kernel with ULOG target support, you may also
# specify a log level of ULOG (must be all caps). Rather than log its
# messages to syslogd, Shorewall will direct netfilter to log the messages
# via the ULOG target which will send them to a process called 'ulogd'.
# ulogd is available with most Linux distributions (although it probably isn't
# installed by default). Ulogd is also available from
# http://www.gnumonks.org/projects/ulogd and can be configured to log all
# Shorewall messages to their own log file.
###############################################################################
#
# LOG FILE LOCATION
#
# This variable tells the /sbin/shorewall program where to look for Shorewall
# log messages. If not set or set to an empty string (e.g., LOGFILE="") then
# /var/log/messages is assumed.
#
# WARNING: The LOGFILE variable simply tells the 'shorewall' program where to
# look for Shorewall messages. It does NOT control the destination for
# these messages. For information about how to do that, see
#
# http://www.shorewall.net/shorewall_logging.html
#
LOGFILE=/var/log/messages
#
# LOG FORMAT
#
# Shell 'printf' Formatting template for the --log-prefix value in log messages
# generated by Shorewall to identify Shorewall log messages. The supplied
# template is expected to accept either two or three arguments; the first is
# the chain name, the second (optional) is the logging rule number within that
# chain and the third is the ACTION specifying the disposition of the packet
# being logged. You must use the %d formatting type for the rule number; if
# your template does not contain %d then the rule number will not be included.
#
# If you want to integrate Shorewall with fireparse, then set LOGFORMAT as:
#
# LOGFORMAT="fp=%s:%d a=%s "
#
# If not specified or specified as empty (LOGFORMAT="") then the value
# "Shorewall:%s:%s:" is assumed.
#
# CAUTION: /sbin/shorewall uses the leading part of the LOGFORMAT string (up
# to but not including the first '%') to find log messages in the 'show log',
# 'status' and 'hits' commands. This part should not be omitted (the
# LOGFORMAT should not begin with "%") and the leading part should be
# sufficiently unique for /sbin/shorewall to identify Shorewall messages.
#
LOGFORMAT="Shorewall:%s:%s:"
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
#
# IPTABLES
#
# Full path to iptables executable Shorewall uses to build the firewall. If
# not specified or if specified with an empty value (e.g., IPTABLES="") then
# the iptables executable located via the PATH setting below is used.
#
IPTABLES=
#
# PATH - Change this if you want to change the order in which Shorewall
# searches directories for executable files. The executables found here are
# run with the firewall's privileges, so list only directories that
# unprivileged users cannot write to.
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
#
# SHELL
#
# The firewall script is normally interpreted by /bin/sh. If you wish to change
# the shell used to interpret that script, specify the shell here.
#
SHOREWALL_SHELL=/bin/sh
# SUBSYSTEM LOCK FILE
#
# Set this to the name of the lock file expected by your init scripts. For
# RedHat, this should be /var/lock/subsys/shorewall. If your init scripts don't
# use lock files, set this to "".
#
SUBSYSLOCK=/var/lock/subsys/shorewall
#LAST LINE -- DO NOT REMOVE