'\" t
.\" Title: shorewall-lite.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.79.1
.\" Date: 09/24/2020
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
.TH "SHOREWALL\-LITE\&.CO" "5" "09/24/2020" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
shorewall-lite.conf \- Shorewall Lite global configuration file
.SH "SYNOPSIS"
.HP \w'\fB/etc/shorewall\-lite/shorewall\-lite\&.conf\fR\ 'u
\fB/etc/shorewall\-lite/shorewall\-lite\&.conf\fR
.SH "DESCRIPTION"
.PP
This file sets options that apply to Shorewall Lite as a whole\&.
.PP
The file consists of Shell comments (lines beginning with \*(Aq#\*(Aq), blank lines and assignment statements (\fIvariable\fR=\fIvalue\fR)\&. Each variable\*(Aqs setting is preceded by comments that describe the variable and its effect\&.
.PP
Any option not specified in this file gets its value from the shorewall\&.conf file used during compilation of /var/lib/shorewall\-lite/firewall\&.
Those settings may be found in the file /var/lib/shorewall\-lite/firewall\&.conf\&.
.SH "OPTIONS"
.PP
The following options may be set in shorewall\&.conf\&.
.PP
\fBIPTABLES=\fR[\fIpathname\fR]
.RS 4
This parameter names the iptables executable to be used by Shorewall\&. If not specified or if specified as a null value, then the iptables executable located using the PATH option is used\&.
.RE
.PP
\fBLOGFILE=\fR[\fIpathname\fR]
.RS 4
This parameter tells the /sbin/shorewall program where to look for Shorewall messages when processing the \fBdump\fR, \fBlogwatch\fR, \fBshow log\fR, and \fBhits\fR commands\&. If not assigned or if assigned an empty value, /var/log/messages is assumed\&.
.RE
.PP
\fBLOGFORMAT=\fR[\fB"\fR\fIformattemplate\fR\fB"\fR]
.RS 4
The value of this variable generates the \-\-log\-prefix setting for Shorewall logging rules\&. It contains a \(lqprintf\(rq formatting template which accepts three arguments (the chain name, logging rule number (optional) and the disposition)\&. To use LOGFORMAT with fireparse, set it as:
.sp
.if n \{\
.RS 4
.\}
.nf
LOGFORMAT="fp=%s:%d a=%s "
.fi
.if n \{\
.RE
.\}
.sp
If the LOGFORMAT value contains the substring \(lq%d\(rq then the logging rule number is calculated and formatted in that position; if that substring is not included then the rule number is not included\&. If not supplied or supplied as empty (LOGFORMAT="") then \(lqShorewall:%s:%s:\(rq is assumed\&.
.RE
.PP
\fB\fBPATH=\fR\fR\fB\fIpathname\fR\fR\fB[\fR\fB\fB:\fR\fR\fB\fIpathname\fR\fR\fB]\&.\&.\&.\fR
.RS 4
Determines the order in which Shorewall searches directories for executable files\&.
.RE
.PP
\fBRESTOREFILE=\fR[\fIfilename\fR]
.RS 4
Specifies the simple name of a file in /var/lib/shorewall to be used as the default restore script in the \fBshorewall save\fR, \fBshorewall restore\fR, \fBshorewall forget\fR and \fBshorewall \-f start\fR commands\&.
.RE
.PP
\fBSHOREWALL_SHELL=\fR[\fIpathname\fR]
.RS 4
This option is used to specify the shell program to be used to run the Shorewall compiler and to interpret the compiled script\&. If not specified or specified as a null value, /bin/sh is assumed\&. Using a light\-weight shell such as ash or dash can significantly improve performance\&.
.RE
.PP
\fBSUBSYSLOCK=\fR[\fIpathname\fR]
.RS 4
This parameter should be set to the name of a file that the firewall should create if it starts successfully and remove when it stops\&. Creating and removing this file allows Shorewall to work with your distribution\*(Aqs initscripts\&. For RedHat, this should be set to /var/lock/subsys/shorewall\&. For Debian, the value is /var/state/shorewall and in LEAF it is /var/run/shorewall\&.
.RE
.PP
\fBVERBOSITY=\fR[\fInumber\fR]
.RS 4
Shorewall has traditionally been very noisy (produced lots of output)\&. You may set the default level of verbosity using the VERBOSITY option\&.
.sp
Values are:
.RS 4
0 \- Silent\&. You may make it more verbose using the \-v option
.RE
.RS 4
1 \- Major progress messages displayed
.RE
.RS 4
2 \- All progress messages displayed (old default behavior)
.RE
If not specified, then 2 is assumed\&.
.RE
.SH "FILES"
.PP
/etc/shorewall\-lite/shorewall\&.conf
.SH "SEE ALSO"
.PP
\m[blue]\fBhttps://shorewall\&.org/Documentation_Index\&.html\fR\m[]
.PP
shorewall\-lite(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-ipsec(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-route_rules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5)
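.PP
The LOGFORMAT option described under OPTIONS can be checked before it is deployed. The script below is an added example, not part of the original manual or of Shorewall: it renders the log prefix for a chain name, rule number and disposition in the argument order given above, and compares the result with the 29-character limit that iptables places on \-\-log\-prefix. The function names and the sample chain names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Shorewall code): render the --log-prefix that a
# LOGFORMAT template produces and check it against the iptables limit.

DEFAULT_LOGFORMAT='Shorewall:%s:%s:'   # assumed when LOGFORMAT is unset or empty
MAX_PREFIX=29                          # iptables LOG --log-prefix maximum

# render_prefix TEMPLATE CHAIN RULENUM DISPOSITION
# The rule number is passed to printf only when the template contains %d.
render_prefix() {
    fmt=${1:-$DEFAULT_LOGFORMAT}
    case $fmt in
        *%d*) printf "$fmt" "$2" "$3" "$4" ;;   # template is the format on purpose
        *)    printf "$fmt" "$2" "$4" ;;
    esac
}

# prefix_fits TEMPLATE CHAIN RULENUM DISPOSITION
# Succeeds when the rendered prefix is within MAX_PREFIX characters.
prefix_fits() {
    prefix=$(render_prefix "$@")
    [ "${#prefix}" -le "$MAX_PREFIX" ]
}

# Constructed samples: template|chain|rule number|disposition
while IFS='|' read -r tmpl chain num disp; do
    if prefix_fits "$tmpl" "$chain" "$num" "$disp"; then
        verdict=ok
    else
        verdict=TOO-LONG
    fi
    printf '%-9s[%s]\n' "$verdict" "$(render_prefix "$tmpl" "$chain" "$num" "$disp")"
done <<'EOF'
fp=%s:%d a=%s |net-fw|3|DROP
|net-fw|3|DROP
|loc-dmz-mgmt|1|REJECT
SW:%s:%s:|loc-dmz-mgmt|1|REJECT
EOF
```

The third sample shows the default template exceeding the limit with a long chain name; the fourth shows a shorter template bringing the same rule back within it.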
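.PP
The DESCRIPTION states that an option missing from this file takes its value from /var/lib/shorewall\-lite/firewall\&.conf, and OPTIONS gives the defaults assumed for unset or empty values. The script below is an added example, not part of the original manual or of Shorewall: it resolves a setting in that order by reading the files as text rather than sourcing them, then reports pathname settings and PATH entries that are not absolute. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Shorewall code: resolve settings without sourcing the files.

# has_setting FILE NAME: true if FILE assigns NAME (even to an empty value).
has_setting() { [ -r "$1" ] && grep -q "^[[:space:]]*$2=" "$1"; }

# conf_value FILE NAME: value of the last NAME= line, surrounding quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# effective NAME: shorewall-lite.conf first, then firewall.conf, then the
# default the man page documents for an unset or empty value.
effective() {
    v=
    for f in "$LITE_CONF" "$FW_CONF"; do
        if has_setting "$f" "$1"; then v=$(conf_value "$f" "$1"); break; fi
    done
    if [ -z "$v" ]; then
        case $1 in
            LOGFILE)         v=/var/log/messages ;;
            LOGFORMAT)       v='Shorewall:%s:%s:' ;;
            SHOREWALL_SHELL) v=/bin/sh ;;
            VERBOSITY)       v=2 ;;
        esac
    fi
    printf '%s\n' "$v"
}

# audit: report pathname settings and PATH entries that are not absolute.
audit() {
    rc=0
    for name in IPTABLES LOGFILE SHOREWALL_SHELL SUBSYSLOCK; do
        val=$(effective "$name")
        case $val in ''|/*) ;; *) echo "$name=$val is not absolute"; rc=1 ;; esac
    done
    oldifs=$IFS; IFS=:
    for dir in $(effective PATH); do
        case $dir in /*) ;; *) echo "PATH entry '$dir' is relative"; rc=1 ;; esac
    done
    IFS=$oldifs
    return $rc
}

# Constructed sample files, not taken from a real system.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
LITE_CONF=$demo/shorewall-lite.conf; FW_CONF=$demo/firewall.conf
printf '%s\n' '# local overrides' 'IPTABLES=' 'PATH=/sbin:/usr/sbin:bin' >"$LITE_CONF"
printf '%s\n' 'IPTABLES=/sbin/iptables' 'LOGFILE=/var/log/ulog/syslogemu.log' \
    'VERBOSITY=1' >"$FW_CONF"
audit || echo "settings above need review"
```

To audit a real installation, point LITE_CONF and FW_CONF at the two files named on this page instead of the constructed samples.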