SHOREWALL-ADDRESSES(5)        Configuration Files       SHOREWALL-ADDRESSES(5)

NAME

       addresses - Specifying addresses within a Shorewall configuration

DESCRIPTION

       In both Shorewall and Shorewall6, there are two basic types of
       addresses:

       Host Address
           This address type refers to a single host.

           In IPv4, the format is i.j.k.l where i through l are decimal
           numbers between 1 and 255.

           In IPv6, the format is a:b:c:d:e:f:g:h where a through h consist of
           1 to 4 hexadecimal digits (leading zeros may be omitted). A single
           series of 0 addresses may be omitted. For example,
           2001:227:e857:1:0:0:0:0:1 may be written 2001:227:e857:1::1.

       Network Address
           A network address refers to 1 or more hosts and consists of a host
           address followed by a slash ("/") and a Variable Length Subnet Mask
           (VLSM). This is known as Classless Internet Domain Routing (CIDR)
           notation.

           The VLSM is a decimal number. For IPv4, it is in the range 0
           through 32. For IPv6, the range is 0 through 128. The number
           represents the number of leading bits in the address that represent
           the network address; the remainder of the bits are a host address
           and are generally given as zero.

           Examples:

           IPv4: 192.168.1.0/24

           IPv6: 2001:227:e857:1:0:0:0:0:1/64

       In the Shorewall documentation and manpages, we have tried to make it
       clear which type of address is accepted in each specific case.

       Because Shorewall uses a colon (":") as a separator in many contexts,
       IPv6 addresses are best written using the standard convention in which
       the address itself is enclosed in square brackets:
           [2001:227:e857:1::1]
           [2001:227:e857:1::]/64

SPECIFYING SOURCE AND DEST

       Entries in Shorewall configuration files often deal with the source
       (SOURCE) and destination (DEST) of connections, and Shorewall implements
       a uniform way of specifying them.

       A SOURCE or DEST consists of one to three parts separated by colons
       (":"):

        1. ZONE — The name of a zone declared in /etc/shorewall/zones or
           /etc/shorewall6/zones. This part is only available in the rules
           file (/etc/shorewall/rules,
           /etc/shorewall/blrules, /etc/shorewall6/rules and
           /etc/shorewall6/blrules).

        2. INTERFACE — The name of an interface that matches an entry in
           /etc/shorewall/interfaces (/etc/shorewall6/interfaces).

           Beginning with Shorewall 5.2.1, the interface may be preceded with
           '!' which matches all interfaces except the one specified.

        3. ADDRESS LIST — A list of one or more addresses (host or network) or
           address ranges, separated by commas. In an IPv6 configuration, this
           list must be included in square or angled brackets ("[...]" or
           "<...>"). The list may have exclusion.

       Examples.

        1. All hosts in the net zone — net

        2. Subnet 192.168.1.0/29 in the loc zone — loc:192.168.1.0/29

        3. All hosts in the net zone connecting through ppp0 — net:ppp0

        4. All hosts interfaced by eth3 — eth3

        5. Subnet 10.0.1.0/24 interfacing through eth2 — eth2:10.0.1.0/24

        6. Host 2002:ce7c:92b4:1:a00:27ff:feb1:46a9 in the loc zone —
           loc:[2002:ce7c:92b4:1:a00:27ff:feb1:46a9]

        7. The primary IP address of eth0 in the $FW zone - $FW:&eth0

        8. All hosts in Vatican City - net:^VA (Requires the GeoIP Match
           capability).

IP ADDRESS RANGES

       If your kernel and iptables have IP Range match support, you may use IP
       address ranges in Shorewall configuration file entries; IP address
       ranges have the syntax <low IP address>-<high IP address>.

       Example: 192.168.1.5-192.168.1.12.
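
       The SOURCE/DEST syntax and address forms described above, as an added
       example (not part of the Shorewall manpage or Shorewall's own code): a
       Python checker that splits an entry into ZONE, INTERFACE and ADDRESS
       LIST and shows why an unbracketed IPv6 address is rejected. The zone
       and interface names are constructed samples, the &eth0 and ^VA forms
       are passed through unvalidated, and exclusion is not handled.

```python
import ipaddress
import re

# Constructed sample names (assumptions); a real check would load them from
# the zones and interfaces files of the configuration under review.
ZONES = {"net", "loc", "$FW"}
INTERFACES = {"eth0", "eth2", "eth3", "ppp0"}

def split_parts(spec):
    """Split on ':' except inside [...] or <...> (bracketed IPv6)."""
    parts, cur, depth = [], "", 0
    for ch in spec:
        depth += (ch in "[<") - (ch in "]>")
        if ch == ":" and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def classify(item):
    """Label one address-list item: host, network, range or other."""
    if item[:1] in ("&", "^"):  # forms from examples 7 and 8, not validated
        return "other"
    if "-" in item:
        low, high = (ipaddress.ip_address(a) for a in item.split("-", 1))
        if low.version != high.version or low > high:
            raise ValueError("bad range: " + item)
        return "range"
    if "/" in item:
        ipaddress.ip_network(item, strict=False)  # validates address and VLSM
        return "network"
    ipaddress.ip_address(item)  # raises ValueError if not a host address
    return "host"

def parse_spec(spec):
    """Return (zone, interface, [(item, kind), ...]) for a SOURCE or DEST."""
    parts = split_parts(spec)
    zone = parts.pop(0) if parts[0] in ZONES else None
    iface = parts.pop(0) if parts and parts[0].lstrip("!") in INTERFACES else None
    addrs = []
    if parts:
        items = re.sub(r"[\[\]<>]", "", parts.pop(0)).split(",")
        addrs = [(i, classify(i)) for i in items]
    if parts:
        raise ValueError("unparsed text after address list: " + ":".join(parts))
    return zone, iface, addrs
```

       Calling parse_spec on loc:2002:ce7c:92b4:1:a00:27ff:feb1:46a9 (no
       brackets) raises ValueError, because every colon is taken as a part
       separator.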

SEE ALSO

       For more information about addressing, see the Setup Guide[1].

NOTES

        1. Setup Guide
           https://shorewall.org/manpages/shorewall_setup_guide.htm#Addressing

Configuration Files               09/24/2020            SHOREWALL-ADDRESSES(5)