1SHOREWALL6-ROUTESTO(5) [FIXME: manual] SHOREWALL6-ROUTESTO(5)
2
6 routestopped - The Shorewall6 file that governs what traffic flows
7 through the firewall while it is in 'stopped' state.
8
10 /etc/shorewall6/routestopped
11
13 This file is used to define the hosts that are accessible when the
14 firewall is stopped or is being stopped. When shorewall6-shell is being
15 used, the file also determines those hosts that are accessible when the
16 firewall is in the process of being [re]started.
17 The columns in the file are as follows.
19 INTERFACE - interface
21 Interface through which host(s) communicate with the firewall
22 HOST(S) (Optional) - [-|address[,address]...]
24 Comma-separated list of IP/subnet addresses. If your kernel and
25 ip6tables include iprange match support, IP address ranges are also
26 allowed.
27 If left empty or supplied as "-", 0.0.0.0/0 is assumed.
29 OPTIONS (Optional) - [-|option[,option]...]
31 A comma-separated list of options. The order of the options is not
32 important but the list can contain no embedded whitespace. The
33 currently-supported options are:
34 routeback
36 Set up a rule to ACCEPT traffic from these hosts back to
37 themselves. Beginning with Shorewall 4.4.9, this option is
38 automatically set if routeback is specified in
39 shorewall6-interfaces[1] (5) or if the rules compiler detects
40 that the interface is a bridge.
41 source
43 Allow traffic from these hosts to ANY destination. Without this
44 option or the dest option, only traffic from this host to other
45 listed hosts (and the firewall) is allowed. If source is
46 specified then routeback is redundant.
47 dest
49 Allow traffic to these hosts from ANY source. Without this
50 option or the source option, only traffic from this host to
51 other listed hosts (and the firewall) is allowed. If dest is
52 specified then routeback is redundant.
53 critical
55 Allow traffic between the firewall and these hosts throughout
56 '[re]start', 'stop' and 'clear'. Specifying critical on one or
57 more entries will cause your firewall to be "totally open" for
58 a brief window during each of those operations. Examples of
59 where you might want to use this are:
60 · 'Ping' nodes with heartbeat.
62 · LDAP server(s) if you use LDAP Authentication
64 · NFS Server if you have an NFS-mounted root filesystem.
66 Note
68 The source and dest options work best when used in conjunction with
69 ADMINISABSENTMINDED=Yes in shorewall6.conf[2](5).
70
72 Example 1:
73 #INTERFACE HOST(S) OPTIONS
75 eth2 2002:ce7c:92b4::/64
76 eth0 2002:ce7c:92b4:1::/64
77 br0 - routeback
78 eth3 - source
79
81 /etc/shorewall6/routestopped
82
84 http://shorewall.net/starting_and_stopping_shorewall.htm
85 shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
87 shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
88 shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5),
89 shorewall6-providers(5), shorewall6-route_rules(5),
90 shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
91 shorewall6-tcclasses(5), shorewall6-tcdevices(5),
92 shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
93 shorewall6-zones(5)
94
96 1. shorewall6-interfaces
97 http://www.shorewall.net/manpages6/shorewall6-interfaces.html
98 2. shorewall6.conf
100 http://www.shorewall.net/manpages6/shorewall6.conf.html
101[FIXME: source] 09/16/2011 SHOREWALL6-ROUTESTO(5)