'\" t
.\" Title: shorewall-routestopped
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\" Date: 06/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
.TH "SHOREWALL\-ROUTESTOP" "5" "06/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
routestopped \- The Shorewall file that governs what traffic flows through the firewall while it is in the \*(Aqstopped\*(Aq state\&.
.SH "SYNOPSIS"
.HP \w'\fB/etc/shorewall/routestopped\fR\ 'u
\fB/etc/shorewall/routestopped\fR
.SH "DESCRIPTION"
.PP
This file is used to define the hosts that are accessible when the firewall is stopped or is being stopped\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
.PP
Changes to this file do not take effect until after the next
\fBshorewall start\fR
or
\fBshorewall restart\fR
command\&.
.sp .5v
.RE
.PP
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax)\&.
.PP
\fBINTERFACE\fR \- \fIinterface\fR
.RS 4
Interface through which host(s) communicate with the firewall\&.
.RE
.PP
\fBHOST(S)\fR (hosts) \- [\fB\-\fR|\fIaddress\fR[,\fIaddress\fR]\&.\&.\&.]
.RS 4
Optional\&. Comma\-separated list of IP/subnet addresses\&. If your kernel and iptables include iprange match support, IP address ranges are also allowed\&.
.sp
If left empty or supplied as "\-", 0\&.0\&.0\&.0/0 is assumed\&.
.RE
.PP
\fBOPTIONS\fR \- [\fB\-\fR|\fIoption\fR[\fB,\fR\fIoption\fR]\&.\&.\&.]
.RS 4
Optional\&. A comma\-separated list of options\&. The order of the options is not important but the list can contain no embedded whitespace\&. The currently\-supported options are:
.PP
\fBrouteback\fR
.RS 4
Set up a rule to ACCEPT traffic from these hosts back to themselves\&. Beginning with Shorewall 4\&.4\&.9, this option is automatically set if
\fBrouteback\fR
is specified in
\m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[1]\d\s+2
(5) or if the rules compiler detects that the interface is a bridge\&.
.RE
.PP
\fBsource\fR
.RS 4
Allow traffic from these hosts to ANY destination\&. Without this option or the
\fBdest\fR
option, only traffic from this host to other listed hosts (and the firewall) is allowed\&. If
\fBsource\fR
is specified then
\fBrouteback\fR
is redundant\&.
.RE
.PP
\fBdest\fR
.RS 4
Allow traffic to these hosts from ANY source\&. Without this option or the
\fBsource\fR
option, only traffic from this host to other listed hosts (and the firewall) is allowed\&. If
\fBdest\fR
is specified then
\fBrouteback\fR
is redundant\&.
.RE
.PP
\fBnotrack\fR
.RS 4
The traffic will be exempted from connection tracking\&.
.RE
.RE
.PP
\fBPROTO\fR (Optional) \- \fIprotocol\-name\-or\-number\fR
.RS 4
Protocol\&.
.RE
.PP
\fBDEST PORT(S)\fR (dport) \- \fIservice\-name/port\-number\-list\fR
.RS 4
Optional\&. A comma\-separated list of port numbers and/or service names from /etc/services\&. May also include port ranges of the form
\fIlow\-port\fR:\fIhigh\-port\fR
if your kernel and iptables include port range support\&.
.RE
.PP
\fBSOURCE PORT(S)\fR (sport) \- \fIservice\-name/port\-number\-list\fR
.RS 4
Optional\&. A comma\-separated list of port numbers and/or service names from /etc/services\&. May also include port ranges of the form
\fIlow\-port\fR:\fIhigh\-port\fR
if your kernel and iptables include port range support\&.
.RE
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
The
\fBsource\fR
and
\fBdest\fR
options work best when used in conjunction with ADMINISABSENTMINDED=Yes in
\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5)\&.
.sp .5v
.RE
.SH "EXAMPLE"
.PP
Example 1:
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
#INTERFACE      HOST(S)               OPTIONS         PROTO      DEST         SOURCE
#                                                                PORT(S)      PORT(S)
eth2            192\&.168\&.1\&.0/24
eth0            192\&.0\&.2\&.44
br0             \-                     routeback
eth3            \-                     source
eth4            \-                     notrack         41
.fi
.if n \{\
.RE
.\}
.RE
.SH "FILES"
.PP
/etc/shorewall/routestopped
.SH "SEE ALSO"
.PP
\m[blue]\fBhttp://shorewall\&.net/starting_and_stopping_shorewall\&.htm\fR\m[]
.PP
\m[blue]\fBhttp://shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]
.PP
shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-ipsets(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-rtrules(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-secmarks(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5)
.SH "NOTES"
.IP " 1." 4
shorewall-interfaces
.RS 4
\%http://www.shorewall.net/manpages/shorewall-interfaces.html
.RE
.IP " 2." 4
shorewall.conf
.RS 4
\%http://www.shorewall.net/manpages/shorewall.conf.html
.RE
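
The column rules above (an empty or "-" HOST(S) means 0.0.0.0/0; routeback is redundant with source or dest) can be checked mechanically before a restart. The following is an added example, not part of Shorewall or of this manual page: a small Python linter for the column syntax only (not the alternate specification syntax). The function names, the finding labels and the "unrestricted-while-stopped" heuristic are assumptions of this example; the sample input is Example 1 plus one constructed line.

```python
# Added example: lint /etc/shorewall/routestopped entries (column syntax only).
VALID_OPTIONS = {"routeback", "source", "dest", "notrack"}  # options listed in this page
COLUMNS = ("interface", "hosts", "options", "proto", "dport", "sport")

def parse_routestopped(text):
    """Yield (lineno, entry) for every non-blank, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        fields += ["-"] * (len(COLUMNS) - len(fields))  # omitted columns act as "-"
        entry = dict(zip(COLUMNS, fields))
        # Per the page: empty or "-" HOST(S) means 0.0.0.0/0.
        hosts, opts = entry["hosts"], entry["options"]
        entry["hosts"] = ["0.0.0.0/0"] if hosts == "-" else hosts.split(",")
        entry["options"] = set() if opts == "-" else set(opts.split(","))
        yield lineno, entry

def audit(text):
    """Return (lineno, finding, detail) tuples; finding names are this example's own."""
    findings = []
    for lineno, e in parse_routestopped(text):
        opts = e["options"]
        for bad in sorted(opts - VALID_OPTIONS):
            findings.append((lineno, "unknown-option", bad))
        wide = opts & {"source", "dest"}
        if wide and "routeback" in opts:
            findings.append((lineno, "redundant-routeback", e["interface"]))
        # Heuristic: any host, any peer, no protocol limit while the firewall is stopped.
        if wide and "0.0.0.0/0" in e["hosts"] and e["proto"] == "-":
            findings.append((lineno, "unrestricted-while-stopped", e["interface"]))
    return findings

# Example 1 from this page, plus one constructed entry (eth5).
SAMPLE = """\
#INTERFACE HOST(S) OPTIONS PROTO DEST SOURCE
eth2 192.168.1.0/24
eth0 192.0.2.44
br0 - routeback
eth3 - source
eth4 - notrack 41
eth5 10.0.0.0/8 source,routeback,bogus   # constructed
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On the sample, the eth3 entry is reported because `source` combined with the default 0.0.0.0/0 and no PROTO admits traffic from every host on that interface to any destination while the firewall is stopped.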