shorewall-lite.conf(5)
NAME
shorewall-lite.conf - Shorewall Lite global configuration file
SYNOPSIS
/etc/shorewall-lite/shorewall-lite.conf
DESCRIPTION
This file sets options that apply to Shorewall Lite as a whole.
The file consists of Shell comments (lines beginning with '#'), blank
lines and assignment statements (variable=value). Each variable's
setting is preceded by comments that describe the variable and its
effect.
Any option not specified in this file gets its value from the
shorewall.conf file used during compilation of
/var/lib/shorewall-lite/firewall. Those settings may be found in the
file /var/lib/shorewall-lite/firewall.conf.
OPTIONS
The following options may be set in shorewall.conf.
- IPTABLES=[pathname]
- This parameter names the iptables executable to be used by
Shorewall. If not specified or if specified as a null value, then
the iptables executable located using the PATH option is used.
- LOGFILE=[pathname]
- This parameter tells the /sbin/shorewall program where to look for
Shorewall messages when processing the dump, logwatch, show log, and
hits commands. If not assigned or if assigned an empty value,
/var/log/messages is assumed.
- LOGFORMAT=["formattemplate"]
- The value of this variable generates the --log-prefix setting for
Shorewall logging rules. It contains a "printf" formatting template
which accepts three arguments (the chain name, logging rule number
(optional) and the disposition). To use LOGFORMAT with fireparse,
set it as:
LOGFORMAT="fp=%s:%d a=%s "
If the LOGFORMAT value contains the substring "%d" then the logging
rule number is calculated and formatted in that position; if that
substring is not included then the rule number is not included. If
not supplied or supplied as empty (LOGFORMAT="") then
"Shorewall:%s:%s:" is assumed.
- PATH=[pathname[:pathname]...]
- Determines the order in which Shorewall searches directories for
executable files.
- RESTOREFILE=[filename]
- Specifies the simple name of a file in /var/lib/shorewall to be
used as the default restore script in the shorewall save, shorewall
restore, shorewall forget and shorewall -f start commands.
- SHOREWALL_SHELL=[pathname]
- This option is used to specify the shell program to be used to run
the Shorewall compiler and to interpret the compiled script. If not
specified or specified as a null value, /bin/sh is assumed. Using a
light-weight shell such as ash or dash can significantly improve
performance.
- SUBSYSLOCK=[pathname]
- This parameter should be set to the name of a file that the
firewall should create if it starts successfully and remove when it
stops. Creating and removing this file allows Shorewall to work
with your distribution's initscripts. For RedHat, this should be
set to /var/lock/subsys/shorewall. For Debian, the value is
/var/state/shorewall and in LEAF it is /var/run/shorwall.
- VERBOSITY=[number]
- Shorewall has traditionally been very noisy (produced lots of
output). You may set the default level of verbosity using the
VERBOSITY option. Values are:
0 - Silent. You may make it more verbose using the -v option
1 - Major progress messages displayed
2 - All progress messages displayed (old default behavior)
If not specified, then 2 is assumed.
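The following is an added example, not part of the Shorewall documentation or code: it expands a LOGFORMAT template as the LOGFORMAT entry above describes and checks the result against the 29-character limit that the iptables LOG target places on --log-prefix. The function names log_prefix and prefix_fits and the sample chain names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration (not Shorewall's own code): expand a LOGFORMAT
# template and check that the resulting --log-prefix is usable.

# log_prefix TEMPLATE CHAIN RULENUM DISPOSITION   (hypothetical helper)
# Follows the documented rules:
#   - empty or unset template -> "Shorewall:%s:%s:" is assumed
#   - template contains "%d"  -> rule number is formatted in that position
#   - otherwise               -> only chain name and disposition are used
log_prefix() {
    template=${1:-Shorewall:%s:%s:}
    chain=$2
    rulenum=$3
    disposition=$4
    case $template in
        *%d*) printf "$template" "$chain" "$rulenum" "$disposition" ;;
        *)    printf "$template" "$chain" "$disposition" ;;
    esac
}

# prefix_fits PREFIX   (hypothetical helper)
# The iptables LOG target accepts a --log-prefix of at most 29 characters.
# A longer prefix loses its tail (typically the disposition), which breaks
# log parsers that key on that field.
prefix_fits() {
    [ "${#1}" -le 29 ]
}

# Constructed sample rules: "chain rule-number disposition".
for rule in "net2fw 3 DROP" "loc2net 12 ACCEPT" "net2all_very_long_chain 1 REJECT"; do
    set -- $rule
    p=$(log_prefix 'fp=%s:%d a=%s ' "$1" "$2" "$3")
    if prefix_fits "$p"; then
        status=ok
    else
        status=TOO-LONG
    fi
    printf '%-8s [%s]\n' "$status" "$p"
done
```

Running the template over the chain names actually present in the compiled firewall shows, before deployment, which rules would log with a prefix too long for downstream log parsing.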
FILES
/etc/shorewall-lite/shorewall.conf
SEE ALSO
http://www.shorewall.net/Documentation_Index.html
shorewall-lite(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
shorewall-route_rules(5), shorewall-routestopped(5),
shorewall-rules(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)