1SHOREWALL-RTRULES(5)          Configuration Files         SHOREWALL-RTRULES(5)
2
3
4

NAME

6       rtrules - Shorewall Routing Rules file
7

SYNOPSIS

9       /etc/shorewall[6]/rtrules
10

DESCRIPTION

12       Entries in this file cause traffic to be routed to one of the providers
13       listed in shorewall-providers[1](5).
14
15       The columns in the file are as follows.
16
17       SOURCE (Optional) - {-|[&]interface|address|interface:address}
18           An ip address (network or host) that matches the source IP address
19           in a packet. May also be specified as an interface name optionally
20           followed by ":" and an address. If the device lo is specified, the
21           packet must originate from the firewall itself.
22
23           Beginning with Shorewall 4.5.0, you may specify &interface in this
24           column to indicate that the source is the primary IP address of the
25           named interface.
26
27           Beginning with Shorewall 4.6.8, you may specify a comma-separated
28           list of addresses in this column.
29
30       DEST (Optional) - {-|address}
31           An ip address (network or host) that matches the destination IP
32           address in a packet.
33
34           If you choose to omit either SOURCE or DEST, place "-" in that
35           column. Note that you may not omit both SOURCE and DEST.
36
37           Beginning with Shorewall 4.6.8, you may specify a comma-separated
38           list of addresses in this column.
39
40       PROVIDER - {provider-name|provider-number|main}
41           The provider to route the traffic through. May be expressed either
42           as the provider name or the provider number. May also be main or
43           254 for the main routing table. This can be used in combination
44           with VPN tunnels, see example 2 below.
45
46       PRIORITY - priority[!]
47           The rule's numeric priority which determines the order in which the
48           rules are processed. Rules with equal priority are applied in the
49           order in which they appear in the file.
50
51           1000-1999
52               Before Shorewall-generated 'MARK' rules
53
54           11000-11999
55               After 'MARK' rules but before Shorewall-generated rules for ISP
56               interfaces.
57
58           26000-26999
59               After ISP interface rules but before 'default' rule.
60
61           Beginning with Shorewall 5.0.2, the priority may be followed
62           optionally by an exclaimation mark ("!"). This causes the rule to
63           remain in place if the interface is disabled.
64
65               Caution
66               Be careful when using rules of the same PRIORITY as some
67               unexpected behavior can occur when multiple rules have the same
68               SOURCE. For example, in the following rules, the second rule
69               overwrites the first unless the priority in the second is
70               changed to 19001 or higher:
71
72                   10.10.0.0/24    192.168.5.6 provider1 19000
73                   10.10.0.0/24    -           provider2 19000
74
75       MARK - {-|mark[/mask]}
76           Optional -- added in Shorewall 4.4.25. For this rule to be applied
77           to a packet, the packet's mark value must match the mark when
78           logically anded with the mask. If a mask is not supplied, Shorewall
79           supplies a suitable provider mask.
80

EXAMPLES

82       Example 1:
83           You want all traffic coming in on eth1 to be routed to the ISP1
84           provider.
85
86                       #SOURCE                 DEST            PROVIDER        PRIORITY      MASK
87                       eth1                    -               ISP1            1000
88
89       IPv4 Example 2:
90           You use OpenVPN (routed setup /tunX) in combination with multiple
91           providers. In this case you have to set up a rule to ensure that
92           the OpenVPN traffic is routed back through the tunX interface(s)
93           rather than through any of the providers. 10.8.0.0/24 is the subnet
94           chosen in your OpenVPN configuration (server 10.8.0.0
95           255.255.255.0).
96
97                        #SOURCE                 DEST            PROVIDER        PRIORITY     MASK
98                        -                       10.8.0.0/24     main            1000
99

FILES

101       /etc/shorewall/rtrules
102
103       /etc/shorewall6/rtrules
104

SEE ALSO

106       https://shorewall.org/MultiISP.html[2]
107
108       https://shorewall.org/configuration_file_basics.htm#Pairs[3]
109
110       shorewall(8)
111

NOTES

113        1. shorewall-providers
114           https://shorewall.org/manpages/shorewall-providers.html
115
116        2. https://shorewall.org/MultiISP.html
117           https://shorewall.org/MultiISP.html
118
119        3. https://shorewall.org/configuration_file_basics.htm#Pairs
120           https://shorewall.org/configuration_file_basics.htm#Pairs
121
122
123
124Configuration Files               09/24/2020              SHOREWALL-RTRULES(5)
Impressum