SHOREWALL-HOSTS(5) | Configuration Files | SHOREWALL-HOSTS(5) |
NAME¶
hosts - Shorewall fileSYNOPSIS¶
/etc/shorewall/hosts
DESCRIPTION¶
This file is used to define zones in terms of subnets and/or individual IP addresses. Most simple setups don't need to (should not) place anything in this file.The order of entries in this file is not significant in determining zone composition. Rather, the order that the zones are declared in shorewall-zones[1](5) determines the order in which the records in this file are interpreted.
Warning
The only time that you need this file is when you have more than one zone connected through a single interface.
Warning
If you have an entry for a zone and interface in shorewall-interfaces[2](5) then do not include any entries in this file for that same (zone, interface) pair.
The columns in the file are as follows.
ZONE - zone-name
HOST(S) - interface:{[{address-or-range[,address-or-range]...|+ipset|dynamic}[exclusion]
You may also exclude certain hosts through use of an exclusion (see shorewall-exclusion[3](5).
OPTIONS (Optional) - [option[,option]...]
blacklist
broadcast
destonly
ipsec
maclist
mss=mss
nosmurfs
Filter packets for smurfs (packets with a broadcast address as the source).
Smurfs will be optionally logged based on the setting of SMURF_LOG_LEVEL in shorewall.conf[6](5). After logging, the packets are dropped.
routeback
tcpflags
EXAMPLES¶
Example 1#ZONE HOST(S) OPTIONS vpn ppp+:192.168.3.0/24
FILES¶
/etc/shorewall/hostsSEE ALSO¶
http://www.shorewall.net/configuration_file_basics.htm#Pairs[7]shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-nesting(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-mangle(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
NOTES¶
- 1.
- shorewall-zones
- 2.
- shorewall-interfaces
- 3.
- shorewall-exclusion
- 4.
- shorewall-blacklist
- 5.
- shorewall-maclist
- 6.
- shorewall.conf
03/16/2017 | Configuration Files |