'\" t .\" Title: shorewall6-routestopped .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 .\" Date: 10/19/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" .TH "SHOREWALL6\-ROUTESTO" "5" "10/19/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" routestopped \- The Shorewall6 file that governs what traffic flows through the firewall while it is in \*(Aqstopped\*(Aq state\&. .SH "SYNOPSIS" .HP \w'\fB/etc/shorewall6/routestopped\fR\ 'u \fB/etc/shorewall6/routestopped\fR .SH "DESCRIPTION" .PP This file is deprecated in favor of the \m[blue]\fBshorewall6\-stoppedrules\fR\m[]\&\s-2\u[1]\d\s+2(5) file\&. .PP This file is used to define the hosts that are accessible when the firewall is stopped or is being stopped\&. When shorewall6\-shell is being used, the file also determines those hosts that are accessible when the firewall is in the process of being [re]started\&. .PP The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax)\&. .PP \fBINTERFACE\fR \- \fIinterface\fR .RS 4 Interface through which host(s) communicate with the firewall .RE .PP \fBHOST(S)\fR \- [\fB\-\fR|\fIaddress\fR[,\fIaddress\fR]\&.\&.\&.] .RS 4 Optional comma\-separated list of IP/subnet addresses\&. If your kernel and ip6tables include iprange match support, IP address ranges are also allowed\&. .sp If left empty or supplied as "\-", 0\&.0\&.0\&.0/0 is assumed\&. .RE .PP \fBOPTIONS\fR \- [\fB\-\fR|\fIoption\fR[\fB,\fR\fIoption\fR]\&.\&.\&.] .RS 4 An optional comma\-separated list of options\&. The order of the options is not important but the list can contain no embedded white\-space\&. The currently\-supported options are: .PP \fBrouteback\fR .RS 4 Set up a rule to ACCEPT traffic from these hosts back to themselves\&. Beginning with Shorewall 4\&.4\&.9, this option is automatically set if \fBrouteback\fR is specified in \m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[2]\d\s+2 (5) or if the rules compiler detects that the interface is a bridge\&. .RE .PP \fBsource\fR .RS 4 Allow traffic from these hosts to ANY destination\&. Without this option or the \fBdest\fR option, only traffic from this host to other listed hosts (and the firewall) is allowed\&. If \fBsource\fR is specified then \fBrouteback\fR is redundant\&. .RE .PP \fBdest\fR .RS 4 Allow traffic to these hosts from ANY source\&. Without this option or the \fBsource\fR option, only traffic from this host to other listed hosts (and the firewall) is allowed\&. If \fBdest\fR is specified then \fBrouteback\fR is redundant\&. .RE .PP \fBnotrack\fR .RS 4 The traffic will be exempted from connection tracking\&. .RE .RE .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNote\fR .ps -1 .br .PP The \fBsource\fR and \fBdest\fR options work best when used in conjunction with ADMINISABSENTMINDED=Yes in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5)\&. .sp .5v .RE .SH "EXAMPLE" .PP Example 1: .RS 4 .sp .if n \{\ .RS 4 .\} .nf #INTERFACE HOST(S) OPTIONS eth2 2002:ce7c:92b4::/64 eth0 2002:ce7c:92b4:1::/64 br0 \- routeback eth3 \- source .fi .if n \{\ .RE .\} .RE .SH "FILES" .PP /etc/shorewall6/routestopped .SH "SEE ALSO" .PP \m[blue]\fBhttp://www\&.shorewall\&.net/starting_and_stopping_shorewall\&.htm\fR\m[]\&\s-2\u[4]\d\s+2 .PP \m[blue]\fBhttp://www\&.shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]\&\s-2\u[5]\d\s+2 .PP shorewall6(8), shorewall6\-accounting(5), shorewall6\-actions(5), shorewall6\-blacklist(5), shorewall6\-hosts(5), shorewall6\-interfaces(5), shorewall6\-maclist(5), shorewall6\-netmap(5),shorewall6\-params(5), shorewall6\-policy(5), shorewall6\-providers(5), shorewall6\-rtrules(5), shorewall6\-rules(5), shorewall6\&.conf(5), shorewall6\-secmarks(5), shorewall6\-tcclasses(5), shorewall6\-tcdevices(5), shorewall6\-mangle(5), shorewall6\-tos(5), shorewall6\-tunnels(5), shorewall6\-zones(5) .SH "NOTES" .IP " 1." 4 shorewall6-stoppedrules .RS 4 \%http://www.shorewall.net/manpages6/shorewall6-stoppedrules.html .RE .IP " 2." 4 shorewall6-interfaces .RS 4 \%http://www.shorewall.net/manpages6/shorewall6-interfaces.html .RE .IP " 3." 4 shorewall6.conf .RS 4 \%http://www.shorewall.net/manpages6/shorewall6.conf.html .RE .IP " 4." 4 http://www.shorewall.net/starting_and_stopping_shorewall.htm .RS 4 \%http://www.shorewall.net/starting_and_stopping_shorewall.htm .RE .IP " 5." 4 http://www.shorewall.net/configuration_file_basics.htm#Pairs .RS 4 \%http://www.shorewall.net/configuration_file_basics.htm#Pairs .RE