1SHOREWALL-FILES(5)            Configuration Files           SHOREWALL-FILES(5)
2
3
4

NAME

6       files - Shorewall Configuration Files
7

SYNOPSIS

9       /etc/shorewall[6]/*
10

DESCRIPTION

12       The following are the Shorewall[6] configuration files:
13
14       ·   /etc/shorewall/shorewall.conf and
15           /etc/shorewall6/shorewall6.conf[1] - used to set global firewall
16           parameters.
17
18       ·   /etc/shorewall[6]/params[2] - use this file to set shell variables
19           that you will expand in other files. It is always processed by
20           /bin/sh or by the shell specified through SHOREWALL_SHELL in
21           /etc/shorewall/shorewall.conf.
22
23       ·   /etc/shorewall[6]/zones[3] - partition the firewall's view of the
24           world into zones.
25
26       ·   /etc/shorewall[6]/policy[4] - establishes firewall high-level
27           policy.
28
29       ·   /etc/shorewall[6]/initdone - An optional Perl script that will be
30           invoked by the Shorewall rules compiler when the compiler has
31           finished it's initialization.
32
33       ·   /etc/shorewall[6]/interfaces[5] - describes the interfaces on the
34           firewall system.
35
36       ·   /etc/shorewall[6]/hosts[6] - allows defining zones in terms of
37           individual hosts and subnetworks.
38
39       ·   /etc/shorewall[6]/masq[7] - directs the firewall where to use
40           many-to-one (dynamic) Network Address Translation (a.k.a.
41           Masquerading) and Source Network Address Translation (SNAT).
42           Superseded by /etc/shorewall[6]/snat in Shorewall 5.0.14 and not
43           supported in Shorewall 5.1.0 and later versions.
44
45       ·   /etc/shorewall[6]/mangle[8] - supersedes /etc/shorewall/tcrules in
46           Shorewall 4.6.0. Contains rules for packet marking, TTL, TPROXY,
47           etc.
48
49       ·   /etc/shorewall[6]/rules[9] - defines rules that are exceptions to
50           the overall policies established in /etc/shorewall/policy.
51
52       ·   /etc/shorewall[6]/nat[10] - defines one-to-one NAT rules.
53
54       ·   /etc/shorewall6/proxyarp[11] - defines use of Proxy ARP.
55
56       ·   /etc/shorewall6/proxyndp[12] - defines use of Proxy NDP.
57
58       ·   /etc/shorewall[6]/routestopped - defines hosts accessible when
59           Shorewall is stopped. Superseded in Shorewall 4.6.8 by
60           /etc/shorewall/stoppedrules. Not supported in Shorewall 5.0.0 and
61           later versions.
62
63       ·   /etc/shorewall[6]/tcrules[13]- The file has a rather unfortunate
64           name because it is used to define marking of packets for later use
65           by both traffic control/shaping and policy routing. This file is
66           superseded by /etc/shorewall/mangle in Shorewall 4.6.0. Not
67           supported in Shorewall 5.0.0 and later releases.
68
69       ·   /etc/shorewall[6]/tos[14] - defines rules for setting the TOS field
70           in packet headers. Superseded in Shorewall 4.5.1 by the TOS target
71           in /etc/shorewall/tcrules (which file has since been superseded by
72           /etc/shorewall/mangle). Not supported in Shorewall 5.0.0 and later
73           versions.
74
75       ·   /etc/shorewall[6]/tunnels[15] - defines tunnels (VPN) with
76           end-points on the firewall system.
77
78       ·   /etc/shorewall[6]/blacklist[16] - Deprecated in favor of
79           /etc/shorewall/blrules. Lists blacklisted IP/subnet/MAC addresses.
80           Not supported in Shorewall 5.0.0 and later releases.
81
82       ·   /etc/shorewall[6]/blrules — Added in Shorewall 4.5.0. Define
83           blacklisting and whitelisting. Supersedes /etc/shorewall/blacklist.
84
85       ·   /etc/shorewall[6]/init - shell commands that you wish to execute at
86           the beginning of a “shorewall start”, "shorewall reload" or
87           “shorewall restart”.
88
89       ·   /etc/shorewall[6]/start - shell commands that you wish to execute
90           near the completion of a “shorewall start”, "shorewall reload" or
91           “shorewall restart”
92
93       ·   /etc/shorewall[6]/started - shell commands that you wish to execute
94           after the completion of a “shorewall start”, "shorewall reload" or
95           “shorewall restart”
96
97       ·   /etc/shorewall[6]/stop- commands that you wish to execute at the
98           beginning of a “shorewall stop”.
99
100       ·   /etc/shorewall[6]/stopped - shell commands that you wish to execute
101           at the completion of a “shorewall stop”.
102
103       ·   /etc/shorewall/ecn[17] - disable Explicit Congestion Notification
104           (ECN - RFC 3168) to remote hosts or networks. Superseded by ECN
105           entries in /etc/shorewall/mangle in Shorewall 5.0.6.
106
107       ·   /etc/shorewall/accounting[18] - define IP traffic accounting rules
108
109       ·   /etc/shorewall[6]/actions[19] and
110           /usr/share/shorewall[6]/action.template allow user-defined actions.
111
112       ·   /etc/shorewall[6]/providers[20] - defines alternate routing tables.
113
114       ·   /etc/shorewall[6]/rtrules[21] - Defines routing rules to be used in
115           conjunction with the routing tables defined in
116           /etc/shorewall/providers.
117
118       ·   /etc/shorewall[6]/tcdevices[22], /etc/shorewall[6]/tcclasses[23],
119           /etc/shorewall[6]/tcfilters[24] - Define complex traffic shaping.
120
121       ·   /etc/shorewall[6]/tcrules[13] - Mark or classify traffic for
122           traffic shaping or multiple providers. Deprecated in Shorewall
123           4.6.0 in favor of /etc/shorewall/mangle. Not supported in Shorewall
124           5.0.0 and later releases.
125
126       ·   /etc/shorewall[6]/tcinterfaces[25] and /etc/shorewall[6]/tcpri[26]
127           - Define simple traffic shaping.
128
129       ·   /etc/shorewall[6]/secmarks[27] - Added in Shorewall 4.4.13. Attach
130           an SELinux context to selected packets.
131
132       ·   /etc/shorewall[6]/vardir[28] - Determines the directory where
133           Shorewall maintains its state.
134
135       ·   /etc/shorewall/arprules[29] — Added in Shorewall 4.5.12. Allows
136           specification of arptables rules.
137
138       ·   /etc/shorewall/mangle[8] -- Added in Shorewall 4.6.0.
139           Supersedes/etc/shorewall/tcrules.
140
141       ·   /etc/shorewall[6]/snat[30] - directs the firewall where to use
142           many-to-one (dynamic) Network Address Translation (a.k.a.
143           Masquerading) and Source Network Address Translation (SNAT).
144           Superseded /etc/shorewall[6]/masq in Shorewall 5.0.14
145
146       ·   /usr/share/shorewall[6]/actions.std - Actions defined by Shorewall.
147
148       ·   /usr/share/shorewall[6]/action.*  - Details of actions defined by
149           Shorewall.
150
151       ·   /usr/share/shorewall[6]/macro.*  - Details of macros defined by
152           Shorewall.
153
154       ·   /usr/share/shorewall[6]/modules — Specifies the kernel modules to
155           be loaded during shorewall start/restart.
156
157       ·   /usr/share/shorewall[6]/helpers — Added in Shorewall 4.4.7.
158           Specifies the kernel modules to be loaded during shorewall
159           start/restart when LOAD_HELPERS_ONLY=Yes in shorewall.conf.
160

CONFIG_PATH

162       The CONFIG_PATH option in shorewall[6].conf(5)[20] determines where the
163       compiler searches for configuration files. The default setting is
164       CONFIG_PATH=/etc/shorewall:/usr/share/shorewall which means that the
165       compiler first looks in /etc/shorewall and if it doesn't find the file,
166       it then looks in /usr/share/shorewall.
167
168       You can change this setting to have the compiler look in different
169       places. For example, if you want to put your own versions of standard
170       macros in /etc/shorewall/Macros, then you could set
171       CONFIG_PATH=/etc/shorewall:/etc/shorewall/Macros:/usr/share/shorewall
172       and the compiler will use your versions rather than the standard ones.
173

COMMENTS

175       You may place comments in configuration files by making the first
176       non-whitespace character a pound sign (“#”). You may also place
177       comments at the end of any line, again by delimiting the comment from
178       the rest of the line with a pound sign.
179
180       Example 1. Comments in a Configuration File
181
182           # This is a comment
183           ACCEPT  net     $FW      tcp     www     #This is an end-of-line comment
184
185           Important
186           Except in shorewall.conf(5)[1] and params(5)[2], if a comment ends
187           with a backslash ("\"), the next line will also be treated as a
188           comment. See Line Continuation below.
189

BLANK LINES

191       Most of the configuration files are organized into space-separated
192       columns. If you don't want to supply a value in a column but want to
193       supply a value in a following column, simply enter '-' to make the
194       column appear empty.
195
196       Example:
197
198           #INTERFACE         BROADCAST            OPTIONS
199           br0                -                    routeback
200

LINE CONTINUATION

202       Lines may be continued using the usual backslash (“\”) followed
203       immediately by a new line character (Enter key).
204
205           ACCEPT  net     $FW      tcp \↵
206           smtp,www,pop3,imap  #Services running on the firewall
207
208
209           Important
210           What follows does NOT apply to shorewall-params(5)[31] and
211           shorewall.conf(5)[1].
212
213       In certain cases, leading white space is ignored in continuation lines:
214
215        1. The continued line ends with a colon (":")
216
217        2. The continued line ends with a comma (",")
218
219       Example (/etc/shorewall/rules):
220
221           #ACTION     SOURCE          DEST            PROTO           DPORT
222           ACCEPT      net:\
223                       206.124.146.177,\
224                       206.124.146.178,\
225                       206.124.146.180\
226                                       dmz             tcp             873
227
228       The leading white space on the first through third continuation lines
229       is ignored so the SOURCE column effectively contains
230       "net:206.124.146.177,206.124.147.178,206.124.146.180". Because the
231       third continuation line does not end with a comma or colon, the leading
232       white space in the last line is not ignored.
233
234           Important
235           A trailing backslash is not ignored in a comment. So the continued
236           rule above can be commented out with a single '#' as follows:
237
238               #ACTION     SOURCE          DEST            PROTO           DPORT
239               #ACCEPT     net:\
240                           206.124.146.177,\
241                           206.124.146.178,\
242                           206.124.146.180\
243                                           dmz             tcp             873
244

ALTERNATIVE SPECIFICATION OF COLUMN VALUES

246       Some of the configuration files now have a large number of columns.
247       That makes it awkward to specify a value for one of the right-most
248       columns as you must have the correct number of intervening '-' columns.
249
250       This problem is addressed by allowing column values to be specified as
251       column-name/value pairs.
252
253       There is considerable flexibility in how you specify the pairs:
254
255       ·   At any point, you can enter a left curly bracket ('{') followed by
256           one or more specifications of the following forms:
257               column-name=value
258               column-name=>value
259               column-name:value
260           The pairs must be followed by a right curly bracket ("}").
261
262           The value may optionally be enclosed in double quotes.
263
264           The pairs must be separated by white space, but you can add a comma
265           adjacent to the values for readability as in:
266               { proto=>udp, port=1024
267                         }
268
269       ·   You can also separate the pairs from columns by using a semicolon:
270               ; proto:udp,
271                         port:1024
272
273       In Shorewall 5.0.3, the sample configuration files and the man pages
274       were updated to use the same column names in both the column headings
275       and in the alternate specification format. The following table shows
276       the column names for each of the table-oriented configuration files.
277
278           Note
279           Column names are case-insensitive.
280
281       ┌──────────────────────┬───────────────────────────────────────────────────────────────────────────────────────────────────┐
282File                  Column names                                                                                      
283       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
284       │accounting            │ action,chain, source,                                                                             │
285       │                      │ dest, proto, dport, sport,                                                                        │
286       │                      │ user,                                                                                             │
287       │                      │             mark, ipsec,                                                                          │
288       │                      │ headers                                                                                           │
289       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
290       │conntrack             │ action,source,dest,proto,dport,sport,user,switch                                                  │
291       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
292       │blacklist             │ networks,proto,port,options                                                                       │
293       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
294       │blrules               │ action,source,dest,proto,dport,sport,origdest,rate,user,mark,connlimit,time,headers,switch,helper │
295       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
296       │ecn                   │ interface,hosts. Beginning with Shorewall 4.5.4, 'host' is                                        │
297       │                      │             a synonym for 'hosts'.                                                                │
298       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
299       │hosts                 │ zone,hosts,options. Beginning with Shorewall 4.5.4, 'host'                                        │
300       │                      │             is a synonym for 'hosts'.                                                             │
301       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
302       │interfaces            │ zone,interface,broadcast,options                                                                  │
303       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
304       │maclist               │ disposition,interface,mac,addresses                                                               │
305       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
306       │mangle                │ action,source,dest,proto,dport,sport,user,test,length,tos,connbytes,helper,headers                │
307       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
308       │masq                  │ interface,source,address,proto,port,ipsec,mark,user,switch                                        │
309       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
310       │nat                   │ external,interface,internal,allints,local                                                         │
311       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
312       │netmap                │ type,net1,interface,net2,net3,proto,dport,sport                                                   │
313       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
314       │notrack               │ source,dest,proto,dport,sport,user                                                                │
315       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
316       │policy                │ source,dest,policy,loglevel,limit,connlimit                                                       │
317       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
318       │providers             │ table,number,mark,duplicate,interface,gateway,options,copy                                        │
319       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
320       │proxyarp and proxyndp │ address,interface,external,haveroute,persistent                                                   │
321       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
322       │rtrules               │ source,dest,provider,priority                                                                     │
323       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
324       │routes                │ provider,dest,gateway,device                                                                      │
325       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
326       │routestopped          │ interface,hosts,options,proto,dport,sport                                                         │
327       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
328       │rules                 │ action,source,dest,proto,dport,sport,origdest,rate,user,mark,connlimit,time,headers,switch,helper │
329       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
330       │secmarks              │ secmark,chain,source,dest,proto,dport,sport,user,mark                                             │
331       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
332       │tcclasses             │ interface,mark,rate,ceil,prio,options                                                             │
333       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
334       │tcdevices             │ interface,in_bandwidth,out_bandwidth,options,redirect                                             │
335       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
336       │tcfilters             │ class,source,dest,proto,dport,sport,tos,length                                                    │
337       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
338       │tcinterfaces          │ interface,type,in_bandwidth,out_bandwidth                                                         │
339       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
340       │tcpri                 │ band,proto,port,address,interface,helper                                                          │
341       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
342       │tcrules               │ mark,source,dest,proto,dport,sport,user,test,length,tos,connbytes,helper,headers.                 │
343       │                      │             Beginning with Shorewall 4.5.3, 'action' is a synonym for                             │
344       │                      │             'mark'.                                                                               │
345       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
346       │tos                   │ source,dest,proto,dport,sport,tos,mark                                                            │
347       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
348       │tunnels               │ type,zone,gateway,gateway_zone. Beginning with Shorewall                                          │
349       │                      │             4.5.3, 'gateways' is a synonym for 'gateway'. Beginning with                          │
350       │                      │             Shorewall 4.5.4, 'gateway_zones' is a synonym for                                     │
351       │                      │             'gateway_zone'.                                                                       │
352       ├──────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────┤
353       │zones                 │ zone,type,options,in_options,out_options                                                          │
354       └──────────────────────┴───────────────────────────────────────────────────────────────────────────────────────────────────┘
355
356       Example (rules file):
357
358           #ACTION         SOURCE            DEST            PROTO   DPORT
359           DNAT            net               loc:10.0.0.1    tcp     80    ; mark="88"
360
361       Here's the same line in several equivalent formats:
362
363           { action=>DNAT, source=>net, dest=>loc:10.0.0.1, proto=>tcp, dport=>80, mark=>88 }
364           ; action:"DNAT" source:"net"  dest:"loc:10.0.0.1" proto:"tcp" dport:"80" mark:"88"
365           DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }
366
367       Beginning with Shorewall 5.0.11, ip[6]table comments can be attached to
368       individual rules using the comment keyword.
369
370       Example from the rules file:
371
372                   ACCEPT net $FW { proto=tcp, dport=22, comment="Accept \"SSH\"" }
373
374       As shown in that example, when the comment contains whitespace, it must
375       be enclosed in double quotes and any embedded double quotes must be
376       escaped using a backslash ("\").
377

TIME COLUMNS

379       Several of the files include a TIME column that allows you to specify
380       times when the rule is to be applied. Contents of this column is a list
381       of timeelements separated by apersands (&).
382
383       Each timeelement is one of the following:
384
385       timestart=hh:mm[:ss]
386           Defines the starting time of day.
387
388       timestop=hh:mm[:ss]
389           Defines the ending time of day.
390
391       contiguous
392           Added in Shoreawll 5.0.12. When timestop is smaller than timestart
393           value, match this as a single time period instead of distinct
394           intervals. See the Examples below.
395
396       utc
397           Times are expressed in Greenwich Mean Time.
398
399       localtz
400           Deprecated by the Netfilter team in favor of kerneltz. Times are
401           expressed in Local Civil Time (default).
402
403       kerneltz
404           Added in Shorewall 4.5.2. Times are expressed in Local Kernel Time
405           (requires iptables 1.4.12 or later).
406
407       weekdays=ddd[,ddd]...
408           where ddd is one of Mon, Tue, Wed, Thu, Fri, Sat or Sun
409
410       monthdays=dd[,dd],...
411           where dd is an ordinal day of the month
412
413       datestart=yyyy[-mm[-dd[Thh[:mm[:ss]]]]]
414           Defines the starting date and time.
415
416       datestop=yyyy[-mm[-dd[Thh[:mm[:ss]]]]]
417           Defines the ending date and time.
418
419       Examples:
420
421       To match on weekends, use:
422
423           weekdays=Sat,Sun
424
425       Or, to match (once) on a national holiday block:
426
427           datestart=2016-12-24&datestop=2016-12-27
428
429       Since the stop time is actually inclusive, you would need the following
430       stop time to not match the first second of the new day:
431
432           datestart=2016-12-24T17:00&datestop=2016-12-27T23:59:59
433
434       During Lunch Hour
435
436       The fourth Friday in the month:
437
438           weekdays=Fri&monthdays=22,23,24,25,26,27,28
439
440       Matching across days might not do what is expected. For instance,
441
442           weekdays=Mon&timestart=23:00&timestop=01:00
443
444           Will match Monday, for one hour from midnight to 1 a.m., and then
445           again for another hour from 23:00 onwards. If this is unwanted,
446           e.g. if you would like 'match for two hours from Montay 23:00
447           onwards' you need to also specify the contiguous option in the
448           example above.
449

SWITCHES

451       here are times when you would like to enable or disable one or more
452       rules in the configuration without having to do a shorewall reload or
453       shorewall restart. This may be accomplished using the SWITCH column in
454       shorewall-rules[32] (5) or shorewall6-rules[33] (5). Using this column
455       requires that your kernel and iptables include Condition Match Support
456       and you must be running Shorewall 4.4.24 or later. See the output of
457       shorewall show capabilities and shorewall version to determine if you
458       can use this feature.
459
460       The SWITCH column contains the name of a switch.  Each switch is
461       initially in the off position. You can turn on the switch named switch1
462       by:
463           echo 1 >
464                 /proc/net/nf_condition/switch1
465
466       You can turn it off again by:
467           echo 0 >
468                 /proc/net/nf_condition/switch1
469
470       If you simply include the switch name in the SWITCH column, then the
471       rule is enabled only when the switch is on. If you precede the switch
472       name with ! (e.g., !switch1), then the rule is enabled only when the
473       switch is off. Switch settings are retained over shorewall restart.
474
475       Shorewall requires that switch names:
476
477       ·   begin with a letter and be composed of letters, digits, underscore
478           ('_') or hyphen ('-'); and
479
480       ·   be 30 characters or less in length.
481
482       Multiple rules can be controlled by the same switch.
483
484       Example:
485
486       Forward port 80 to dmz host $BACKUP if switch 'primary_down' is on.
487
488           #ACTION     SOURCE          DEST        PROTO       DPORT        SPORT     ORIGDEST   RATE      USER      MARK    CONNLIMIT     TIME     HEADERS    SWITCH
489           DNAT        net             dmz:$BACKUP tcp         80           -         -          -         -         -       -             -        -          primary_down
490

FILES

492       /etc/shorewall[6]/*
493

NOTES

495        1. /etc/shorewall/shorewall.conf
496                   and /etc/shorewall6/shorewall6.conf
497           http://www.shorewall.netshorewall.conf.html
498
499        2. /etc/shorewall[6]/params
500           http://www.shorewall.netshorewall-params.html
501
502        3. /etc/shorewall[6]/zones
503           http://www.shorewall.netshorewall-zones.html
504
505        4. /etc/shorewall[6]/policy
506           http://www.shorewall.netshorewall-policy.html
507
508        5. /etc/shorewall[6]/interfaces
509           http://www.shorewall.netshorewall-interfaces.html
510
511        6. /etc/shorewall[6]/hosts
512           http://www.shorewall.netshorewall-hosts.html
513
514        7. /etc/shorewall[6]/masq
515           http://www.shorewall.netshorewall-masq.html
516
517        8. /etc/shorewall[6]/mangle
518           http://www.shorewall.netshorewall-mangle.html
519
520        9. /etc/shorewall[6]/rules
521           http://www.shorewall.netshorewall-rules.html
522
523       10. /etc/shorewall[6]/nat
524           http://www.shorewall.netshorewall-nat.html
525
526       11. /etc/shorewall6/proxyarp
527           http://www.shorewall.netshorewall-proxyarp.html
528
529       12. /etc/shorewall6/proxyndp
530           http://www.shorewall.netshorewall-proxyndp.html
531
532       13. /etc/shorewall[6]/tcrules
533           http://www.shorewall.netshorewall-tcrules.html
534
535       14. /etc/shorewall[6]/tos
536           http://www.shorewall.netshorewall-tos.html
537
538       15. /etc/shorewall[6]/tunnels
539           http://www.shorewall.netshorewall-tunnels.html
540
541       16. /etc/shorewall[6]/blacklist
542           http://www.shorewall.netshorewall-blacklist.html
543
544       17. /etc/shorewall/ecn
545           http://www.shorewall.netshorewall-ecn.html
546
547       18. /etc/shorewall/accounting
548           http://www.shorewall.netshorewall-accounting.html
549
550       19. /etc/shorewall[6]/actions
551           http://www.shorewall.netshorewall-actions.html
552
553       20. /etc/shorewall[6]/providers
554           http://www.shorewall.net???
555
556       21. /etc/shorewall[6]/rtrules
557           http://www.shorewall.netshorewall-rtrules.html
558
559       22. /etc/shorewall[6]/tcdevices
560           http://www.shorewall.netshorewall-tcdevices.html
561
562       23. /etc/shorewall[6]/tcclasses
563           http://www.shorewall.netshorewall-tcclasses.html
564
565       24. /etc/shorewall[6]/tcfilters
566           http://www.shorewall.netshorewall-tcfilters.html
567
568       25. /etc/shorewall[6]/tcinterfaces
569           http://www.shorewall.netshorewall-tcinterfaces.html
570
571       26. /etc/shorewall[6]/tcpri
572           http://www.shorewall.netshorewall-tcpri.html
573
574       27. /etc/shorewall[6]/secmarks
575           http://www.shorewall.netshorewall-secmarks.html
576
577       28. /etc/shorewall[6]/vardir
578           http://www.shorewall.netshorewall-vardir.html
579
580       29. /etc/shorewall/arprules
581           http://www.shorewall.netshorewall-arprules.html
582
583       30. /etc/shorewall[6]/snat
584           http://www.shorewall.netshorewall-snat.html
585
586       31. shorewall-params(5)
587           http://www.shorewall.netmanpages/shorewall-params.html
588
589       32. shorewall-rules
590           http://www.shorewall.netmanpages/shorewall-rules.html
591
592       33. shorewall6-rules
593           http://www.shorewall.netmanpages6/shorewall6-rules.html
594
595
596
597Configuration Files               01/17/2019                SHOREWALL-FILES(5)
Impressum