Name

shorewall6-lite.conf — Shorewall6 Lite global configuration file

Synopsis

/etc/shorewall6-lite/shorewall6-lite.conf

Description

This file sets options that apply to Shorewall6 Lite as a whole.

The file consists of shell comments (lines beginning with '#'), blank lines and assignment statements (variable=value). Each variable's setting is preceded by comments that describe the variable and its effect.

Any option not specified in this file gets its value from the shorewall6.conf file used during compilation of /var/lib/shorewall6-lite/firewall. Those settings may be found in the file /var/lib/shorewall6-lite/firewall.conf.

OPTIONS

The following options may be set in shorewall6.conf.

IP6TABLES=[pathname]

This parameter names the ip6tables executable to be used by Shorewall6. If not specified or if specified as a null value, then the ip6tables executable located using the PATH option is used.

LOGFILE=[pathname]

This parameter tells the /sbin/shorewall6 program where to look for Shorewall6 messages when processing the dump, logwatch, show log, and hits commands. If not assigned or if assigned an empty value, /var/log/messages is assumed.

LOGFORMAT=["formattemplate"]

The value of this variable generates the --log-prefix setting for Shorewall6 logging rules. It contains a “printf” formatting template which accepts three arguments (the chain name, logging rule number (optional) and the disposition). To use LOGFORMAT with fireparse, set it as:

    LOGFORMAT="fp=%s:%d a=%s "

If the LOGFORMAT value contains the substring “%d” then the logging rule number is calculated and formatted in that position; if that substring is not included then the rule number is not included. If not supplied or supplied as empty (LOGFORMAT="") then “Shorewall6:%s:%s:” is assumed.
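The template rules above matter when log lines are parsed downstream. The following is an added example, not part of Shorewall6 or of the original page: it renders a prefix from a LOGFORMAT value and derives a matching regular expression to recover the chain, rule number and disposition. The function names and sample log lines are constructed; the 29-character limit is that of the netfilter LOG target's --log-prefix, and the assumption is that chain names and dispositions contain no whitespace or colons.

```python
import re

DEFAULT_LOGFORMAT = "Shorewall6:%s:%s:"  # default given in the man page
MAX_LOG_PREFIX = 29  # length limit of the netfilter LOG target's --log-prefix

def effective_template(logformat):
    """Unset or empty LOGFORMAT falls back to the documented default."""
    return logformat or DEFAULT_LOGFORMAT

def render_prefix(logformat, chain, rule_number, disposition):
    """Fill the template as described: rule number only if %d is present."""
    template = effective_template(logformat)
    if "%d" in template:
        return template % (chain, rule_number, disposition)
    return template % (chain, disposition)

def fits_log_prefix(prefix):
    """True if the rendered prefix fits the LOG target's prefix limit."""
    return len(prefix) <= MAX_LOG_PREFIX

def prefix_regex(logformat):
    """Turn the template into a regex with named groups for each argument."""
    names = ["chain", "disposition"]  # order of the two %s arguments
    pattern = []
    for part in re.split(r"(%s|%d)", effective_template(logformat)):
        if part == "%s":
            if not names:
                raise ValueError("more than two %s in template")
            # Assumption: no whitespace or ':' inside chain or disposition.
            pattern.append(r"(?P<%s>[^\s:]+)" % names.pop(0))
        elif part == "%d":
            pattern.append(r"(?P<rule>\d+)")
        else:
            pattern.append(re.escape(part))
    return re.compile("".join(pattern))

def parse_line(logformat, line):
    """Return the prefix fields found in a log line, or None if absent."""
    match = prefix_regex(logformat).search(line)
    if match is None:
        return None
    fields = match.groupdict()
    if "rule" in fields:
        fields["rule"] = int(fields["rule"])
    return fields

# Constructed sample log lines (not captured from a real system).
SAMPLE_LINES = [
    "Jan 10 12:00:01 fw kernel: fp=net2fw:3 a=DROP IN=eth0 OUT= SRC=2001:db8::1",
    "Jan 10 12:00:02 fw kernel: Shorewall6:net2fw:REJECT:IN=eth0 OUT= SRC=2001:db8::1",
]
```

A parser built for one LOGFORMAT returns None on lines written under another, so regenerate the regex whenever the setting changes.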

PATH=pathname[:pathname]...

Determines the order in which Shorewall6 searches directories for executable files.

RESTOREFILE=[filename]

Specifies the simple name of a file in /var/lib/shorewall6 to be used as the default restore script in the shorewall6 save, shorewall6 restore, shorewall6 forget and shorewall6 -f start commands.

SHOREWALL_SHELL=[pathname]

This option is used to specify the shell program to be used to interpret the compiled script. If not specified or specified as a null value, /bin/sh is assumed. Using a light-weight shell such as ash or dash can significantly improve performance.

SUBSYSLOCK=[pathname]

This parameter should be set to the name of a file that the firewall should create if it starts successfully and remove when it stops. Creating and removing this file allows Shorewall6 to work with your distribution's initscripts. For RedHat, this should be set to /var/lock/subsys/shorewall6. For Debian, the value is /var/state/shorewall6 and in LEAF it is /var/run/shorewall.

VERBOSITY=[number]

Shorewall6 has traditionally been very noisy (produced lots of output). You may set the default level of verbosity using the VERBOSITY option.

Values are:

0 - Silent. You may make it more verbose using the -v option.
1 - Major progress messages displayed.
2 - All progress messages displayed (old default behavior).

If not specified, then 2 is assumed.

FILES

/etc/shorewall6-lite/shorewall6.conf

SEE ALSO

https://shorewall.org/Documentation_Index.html

shorewall6-lite(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5), shorewall6-nat(5), shorewall6-netmap(5), shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-route_rules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)
