SHOREWALL-INIT(8)           Administrative Commands          SHOREWALL-INIT(8)

NAME

       shorewall-init - Companion package

SYNOPSIS

       shorewall-init [start|stop]

DESCRIPTION

       Shorewall-init is an optional package (added in Shorewall 4.4.10) that
       can be installed along with Shorewall, Shorewall6, Shorewall-lite
       and/or Shorewall6-lite. It provides two key features:

        1. It can close (stop) the firewall during boot prior to starting the
           network. This can prevent unwanted connections from being accepted
           after the network comes up but before the firewall is started.

        2. It can interface with your distribution's ifup/ifdown scripts
           and/or NetworkManager to allow firewall actions when an interface
           starts or stops.

       These two capabilities can be enabled separately.

       After you install the shorewall-init package, you can activate it by
       modifying the Shorewall-init configuration file:

       ·   On Debian-based systems, the file is /etc/default/shorewall-init.

       ·   On other systems, the file is /etc/sysconfig/shorewall-init.

       To activate the safe boot feature, edit the configuration file and set
       PRODUCTS to a space-separated list of Shorewall products that you want
       to be closed before networking starts.

       Example:
           PRODUCTS="shorewall shorewall6"

       You must also ensure that the compiled scripts for the listed products
       are compiled using Shorewall 4.4.10 or later.

       Shorewall
           shorewall compile

       Shorewall6
           shorewall6 compile

       Shorewall-lite
           On the administrative system, enter the command shorewall export
           firewall from the firewall's configuration directory.

       Shorewall6-lite
           On the administrative system, enter the command shorewall6 export
           firewall from the firewall's configuration directory.

       The second feature (ifup/ifdown and NetworkManager integration) should
       only be activated on systems that do not use a link status monitor like
       swping or LSM.

       ·   Edit the configuration file and set IFUPDOWN=1.

       For NetworkManager integration, you will want to disable firewall
       startup at boot and delay it until your interface comes up. For this
       to work correctly, you must set the required or the optional option on
       at least one interface, then:

       ·   On Debian-based systems, edit /etc/default/product for each product
           listed in the PRODUCTS setting and set startup=0.

       ·   On other systems, use the distribution's service control tool
           (insserv, chkconfig, etc.) to disable startup of the products
           listed in the PRODUCTS setting.

       On a laptop with both Ethernet and wireless interfaces, you will want
       to make both interfaces optional and set the REQUIRE_INTERFACE option
       to Yes in shorewall.conf[1](5) or shorewall6.conf[1](5). This causes
       the firewall to remain stopped until at least one of the interfaces
       comes up.
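
       The settings described above (a non-empty PRODUCTS for safe boot, and
       startup=0 for each listed product when IFUPDOWN=1 on a Debian-based
       layout) can be checked with a short script. This is an added example,
       not part of Shorewall: audit_shorewall_init, conf_value and the message
       strings are hypothetical names, and it assumes the configuration files
       hold plain VAR=value shell assignments.

```shell
#!/bin/sh
# Added example: audit a shorewall-init setup below a given root directory.
# Function names and finding strings are hypothetical, not Shorewall's own.

# Print the value a shell-style config file assigns to a variable.
# Assumes the file holds plain VAR=value assignments; it is sourced in a
# subshell so nothing leaks into the caller's environment.
conf_value() {  # $1 = file, $2 = variable name
    ( unset "$2"; . "$1" >/dev/null 2>&1; eval "printf '%s' \"\${$2:-}\"" )
}

# Prints one line per finding; exit status is the number of findings.
audit_shorewall_init() {  # $1 = root directory ("/" for the live system)
    root=${1%/} findings=0 debian=0
    if [ -f "$root/etc/default/shorewall-init" ]; then
        conf="$root/etc/default/shorewall-init"; debian=1
    elif [ -f "$root/etc/sysconfig/shorewall-init" ]; then
        conf="$root/etc/sysconfig/shorewall-init"
    else
        echo "FAIL: no shorewall-init configuration file found"; return 1
    fi
    products=$(conf_value "$conf" PRODUCTS)
    ifupdown=$(conf_value "$conf" IFUPDOWN)

    # Safe boot only closes the products named in PRODUCTS.
    if [ -z "$products" ]; then
        echo "FAIL: PRODUCTS is empty, firewall is not closed before networking"
        findings=$((findings + 1))
    fi
    for p in $products; do
        case $p in
            shorewall|shorewall6|shorewall-lite|shorewall6-lite) ;;
            *) echo "WARN: '$p' is not a Shorewall product"
               findings=$((findings + 1)); continue ;;
        esac
        # With interface integration on a Debian layout, the product's own
        # boot-time startup should be disabled (startup=0).
        if [ "$ifupdown" = 1 ] && [ "$debian" = 1 ]; then
            pconf="$root/etc/default/$p"
            if [ ! -f "$pconf" ] || [ "$(conf_value "$pconf" startup)" != 0 ]; then
                echo "WARN: $p: startup=0 not set in /etc/default/$p"
                findings=$((findings + 1))
            fi
        fi
    done
    return "$findings"
}
```

       The startup=0 check covers only the Debian-based layout; on other
       systems the service control tool's state is not inspected.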

FILES

       /etc/default/shorewall-init (Debian-based systems) or
       /etc/sysconfig/shorewall-init (other distributions)

SEE ALSO

       shorewall(8)

NOTES

        1. shorewall.conf
           https://shorewall.org/manpages/shorewall.conf.html

Administrative Commands           01/15/2020                 SHOREWALL-INIT(8)