shorewall-routestopped(5)                            shorewall-routestopped(5)

NAME

       routestopped  -  The  Shorewall  file  that  governs what traffic flows
       through the firewall while it is in 'stopped' state.

SYNOPSIS

       /etc/shorewall/routestopped

DESCRIPTION

       This file is used to define the hosts  that  are  accessible  when  the
       firewall  is stopped or is being stopped. When shorewall-shell is being
       used, the file also determines those hosts that are accessible when the
       firewall is in the process of being [re]started.

       The columns in the file are as follows.

       INTERFACE interface
              Interface through which host(s) communicate with the firewall

       HOST(S) (Optional) — [-|address[,address]...]
              Comma-separated  list of IP/subnet addresses. If your kernel and
              iptables include iprange match support, IP  address  ranges  are
              also allowed.

              If left empty or supplied as "-", 0.0.0.0/0 is assumed.

       OPTIONS (Optional) — [-|option[,option]...]
              A  comma-separated  list of options. The order of the options is
              not important but the list can contain no  embedded  whitespace.
              The currently-supported options are:

              routeback
                     Set  up a rule to ACCEPT traffic from these hosts back to
                     themselves.

              source Allow traffic from these hosts to ANY destination.
                     Without this option or the dest option, only traffic from
                     this host to other listed hosts (and the firewall) is
                     allowed. If source is specified then routeback is
                     redundant.

              dest   Allow traffic to these hosts  from  ANY  source.  Without
                     this  option or the source option, only traffic from this
                     host to other listed hosts (and the firewall) is allowed.
                     If dest is specified then routeback is redundant.

              critical
                     Allow  traffic  between  the  firewall  and  these  hosts
                     throughout '[re]start', 'stop'  and  'clear'.  Specifying
                     critical  on one or more entries will cause your firewall
                     to be "totally open" for a brief window  during  each  of
                     those operations. Examples of where you might want to use
                     this are:

                     · 'Ping' nodes with heartbeat.

                     · LDAP server(s) if you use LDAP Authentication

                     · NFS Server if you have an NFS-mounted root filesystem.

              Note

              The source and dest options work best when used  in  conjunction
              with ADMINISABSENTMINDED=Yes in shorewall.conf(5).

EXAMPLE

       Example 1:
                      #INTERFACE      HOST(S)                 OPTIONS
                      eth2            192.168.1.0/24
                      eth0            192.0.2.44
                      br0             -                       routeback
                      eth3            -                       source
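
       Added example (not part of the Shorewall distribution): a small
       Python audit of a routestopped file that flags the entries the
       DESCRIPTION singles out. The finding names are hypothetical, the eth1
       and eth4 sample lines are constructed, and backslash line
       continuation is assumed not to be used.

```python
import ipaddress

KNOWN_OPTIONS = {"routeback", "source", "dest", "critical"}

# Example 1 from this page plus two constructed entries (eth1, eth4).
SAMPLE = """\
#INTERFACE      HOST(S)                 OPTIONS
eth2            192.168.1.0/24
eth0            192.0.2.44
br0             -                       routeback
eth3            -                       source
eth1            10.0.0.5                critical,source,routeback
eth4            10.0.1.0/24             dst
"""

def parse_routestopped(text):
    """Yield (lineno, interface, hosts, options) for each entry line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not cols:
            continue
        hosts = cols[1] if len(cols) > 1 else "-"
        opts = cols[2] if len(cols) > 2 else "-"
        # An empty or "-" HOST(S) column means 0.0.0.0/0.
        host_list = ["0.0.0.0/0"] if hosts == "-" else hosts.split(",")
        opt_set = set() if opts == "-" else set(opts.split(","))
        yield lineno, cols[0], host_list, opt_set

def covers_everything(host):
    try:
        return ipaddress.ip_network(host, strict=False).prefixlen == 0
    except ValueError:  # iprange form (low-high) is not a single network
        return False

def audit(text):
    """Return sorted (lineno, finding) pairs for entries worth a second look."""
    findings = []
    for lineno, _iface, hosts, opts in parse_routestopped(text):
        wide = opts & {"source", "dest"}
        if opts - KNOWN_OPTIONS:
            findings.append((lineno, "unknown-option"))
        if "critical" in opts:   # firewall "totally open" for a brief window
            findings.append((lineno, "critical-open-window"))
        if wide and any(covers_everything(h) for h in hosts):
            findings.append((lineno, "all-hosts-source-or-dest"))
        if wide and "routeback" in opts:   # routeback is redundant here
            findings.append((lineno, "redundant-routeback"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```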

FILES

       /etc/shorewall/routestopped

SEE ALSO

       http://shorewall.net/starting_and_stopping_shorewall.htm

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

                                  19 May 2008        shorewall-routestopped(5)