shorewall-lite.conf(5)                                  shorewall-lite.conf(5)

NAME

       shorewall-lite.conf - Shorewall Lite global configuration file

SYNOPSIS

       /etc/shorewall-lite/shorewall-lite.conf

DESCRIPTION

       This file sets options that apply to Shorewall Lite as a whole.

       The file consists of Shell comments (lines beginning with '#'), blank
       lines and assignment statements (variable=value). Each variable's
       setting is preceded by comments that describe the variable and its
       effect.

       Any option not specified in this file gets its value from the
       shorewall.conf file used during compilation of
       /var/lib/shorewall-lite/firewall. Those settings may be found in the
       file /var/lib/shorewall-lite/firewall.conf.

OPTIONS

       The following options may be set in shorewall.conf.

       IPTABLES=[pathname]
              This parameter names the iptables executable to be used by
              Shorewall. If not specified or if specified as a null value,
              then the iptables executable located using the PATH option is
              used.

       LOGFILE=[pathname]
              This parameter tells the /sbin/shorewall program where to look
              for Shorewall messages when processing the dump, logwatch, show
              log, and hits commands. If not assigned or if assigned an empty
              value, /var/log/messages is assumed.

       LOGFORMAT=["formattemplate"]
              The value of this variable generates the --log-prefix setting
              for Shorewall logging rules. It contains a “printf” formatting
              template which accepts three arguments (the chain name, logging
              rule number (optional) and the disposition). To use LOGFORMAT
              with fireparse, set it as:

                  LOGFORMAT="fp=%s:%d a=%s "

              If the LOGFORMAT value contains the substring “%d” then the
              logging rule number is calculated and formatted in that
              position; if that substring is not included then the rule number
              is not included. If not supplied or supplied as empty
              (LOGFORMAT="") then “Shorewall:%s:%s:” is assumed.

       PATH=[pathname[:pathname]...]
              Determines the order in which Shorewall searches directories for
              executable files.

       RESTOREFILE=[filename]
              Specifies the simple name of a file in /var/lib/shorewall to be
              used as the default restore script in the shorewall save,
              shorewall restore, shorewall forget and shorewall -f start
              commands.

       SHOREWALL_SHELL=[pathname]
              This option is used to specify the shell program to be used to
              run the Shorewall compiler and to interpret the compiled script.
              If not specified or specified as a null value, /bin/sh is
              assumed. Using a light-weight shell such as ash or dash can
              significantly improve performance.

       SUBSYSLOCK=[pathname]
              This parameter should be set to the name of a file that the
              firewall should create if it starts successfully and remove when
              it stops. Creating and removing this file allows Shorewall to
              work with your distribution's initscripts. For RedHat, this
              should be set to /var/lock/subsys/shorewall. For Debian, the
              value is /var/state/shorewall and in LEAF it is
              /var/run/shorwall.

       VERBOSITY=[number]
              Shorewall has traditionally been very noisy (produced lots of
              output). You may set the default level of verbosity using the
              VERBOSITY option.

              Values are:

              0 — Silent. You may make it more verbose using the -v option
              1 — Major progress messages displayed
              2 — All progress messages displayed (old default behavior)

              If not specified, then 2 is assumed.

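Added example for the LOGFORMAT option above, not part of the original manual page or of Shorewall's code: it renders the prefix a template produces with and without “%d”, checks it against the 29-character limit that the iptables LOG target places on --log-prefix (an iptables limit, not stated on this page), and counts hits per chain and disposition in log lines using the default prefix. The function names, the host name fw and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall's own code.
MAX_PREFIX=29   # iptables LOG target: --log-prefix holds at most 29 characters

# render_prefix TEMPLATE CHAIN RULENUM DISPOSITION
# An empty template falls back to the documented default. The rule number is
# passed to printf only when the template contains "%d".
render_prefix() {
    tmpl=${1:-Shorewall:%s:%s:}
    case $tmpl in
        *%d*) printf "$tmpl" "$2" "$3" "$4" ;;
        *)    printf "$tmpl" "$2" "$4" ;;
    esac
}

# prefix_fits TEMPLATE CHAIN RULENUM DISPOSITION
# Succeeds when the rendered prefix is no longer than MAX_PREFIX.
prefix_fits() {
    rendered=$(render_prefix "$@")
    [ "${#rendered}" -le "$MAX_PREFIX" ]
}

# summarize_hits: read log lines on stdin and print "chain disposition count",
# assuming the default "Shorewall:%s:%s:" prefix.
summarize_hits() {
    sed -n 's/.*Shorewall:\([^:]*\):\([^:]*\):.*/\1 \2/p' |
        sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Constructed sample log lines (documentation addresses, hypothetical host fw).
SAMPLE_LOG='Jan  1 00:00:01 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22
Jan  1 00:00:02 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP DPT=23
Jan  1 00:00:03 fw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=UDP DPT=53
Jan  1 00:00:04 fw sshd[100]: unrelated line'

render_prefix 'fp=%s:%d a=%s ' net2fw 3 DROP; echo '|'
render_prefix '' net2fw 3 DROP; echo
prefix_fits '' a_very_long_custom_chain_name 1 REJECT || echo 'prefix too long'
printf '%s\n' "$SAMPLE_LOG" | summarize_hits
```

A template whose rendered prefix exceeds the limit cannot be carried whole in --log-prefix, so log parsers keyed on the full prefix should be tested against the longest chain name in use.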

FILES

       /etc/shorewall-lite/shorewall.conf

SEE ALSO

       http://www.shorewall.net/Documentation_Index.html

       shorewall-lite(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
       shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

                                  19 May 2008           shorewall-lite.conf(5)