SHOREWALL6-LITE.C(5) | Configuration Files | SHOREWALL6-LITE.C(5) |
NAME¶
shorewall6-lite.conf - Shorewall6 Lite global configuration fileSYNOPSIS¶
/etc/shorewall6-lite/shorewall6-lite.conf
DESCRIPTION¶
This file sets options that apply to Shorewall6 Lite as a whole. The file consists of Shell comments (lines beginning with '#'), blank lines and assignment statements ( variable=value). Each variable's setting is preceded by comments that describe the variable and it's effect. Any option not specified in this file gets its value from the shorewall6.conf file used during compilation of /var/lib/shorewall6-lite/firewall. Those settings may be found in the file /var/lib/shorewall6-lite/firewall.conf.OPTIONS¶
The following options may be set in shorewall6.conf. IP6TABLES=[pathname]This parameter names the ip6tables executable to be used
by Shorewall6. If not specified or if specified as a null value, then the
ip6tables executable located using the PATH option is used.
LOGFILE=[pathname]
This parameter tells the /sbin/shorewall6 program where
to look for Shorewall6 messages when processing the dump,
logwatch, show log, and hits commands. If not assigned or
if assigned an empty value, /var/log/messages is assumed.
LOGFORMAT=["formattemplate"]
The value of this variable generate the --log-prefix
setting for Shorewall6 logging rules. It contains a “printf”
formatting template which accepts three arguments (the chain name, logging
rule number (optional) and the disposition). To use LOGFORMAT with fireparse,
set it as:
If the LOGFORMAT value contains the substring “%d” then the
logging rule number is calculated and formatted in that position; if that
substring is not included then the rule number is not included. If not
supplied or supplied as empty (LOGFORMAT="") then
“Shorewall6:%s:%s:” is assumed.
PATH=pathname[:pathname]...
LOGFORMAT="fp=%s:%d a=%s "
Determines the order in which Shorewall6 searches
directories for executable files.
RESTOREFILE=[filename]
Specifies the simple name of a file in
/var/lib/shorewall6 to be used as the default restore script in the
shorewall6 save, shorewall6 restore, shorewall6 forget
and shorewall6 -f start commands.
SHOREWALL_SHELL=[pathname]
This option is used to specify the shell program to be
used to interpret the compiled script. If not specified or specified as a null
value, /bin/sh is assumed. Using a light-weight shell such as ash or dash can
significantly improve performance.
SUBSYSLOCK=[pathname]
This parameter should be set to the name of a file that
the firewall should create if it starts successfully and remove when it stops.
Creating and removing this file allows Shorewall6 to work with your
distribution's initscripts. For RedHat, this should be set to
/var/lock/subsys/shorewall6. For Debian, the value is /var/state/shorewall6
and in LEAF it is /var/run/shorewall.
VERBOSITY=[number]
Shorewall6 has traditionally been very noisy (produced
lots of output). You may set the default level of verbosity using the
VERBOSITY OPTION.
Values are:
0 - Silent. You may make it more verbose using the -v
option
option
1 - Major progress messages displayed
2 - All progress messages displayed (old default
behavior)
If not specified, then 2 is assumed.behavior)
FILES¶
/etc/shorewall6-lite/shorewall6.confSEE ALSO¶
http://www.shorewall.net/Documentation_Index.html shorewall6-lite(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5), shorewall6-nat(5), shorewall6-netmap(5), shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5), shorewall6-route_rules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)10/19/2014 | Configuration Files |