'\" t .\" Title: shorewall6-lite .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.75.2 .\" Date: 06/28/2012 .\" Manual: [FIXME: manual] .\" Source: [FIXME: source] .\" Language: English .\" .TH "SHOREWALL6\-LITE" "8" "06/28/2012" "[FIXME: source]" "[FIXME: manual]" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" shorewall6-lite \- Administration tool for Shoreline 6 Firewall Lite (Shorewall6 Lite) .SH "SYNOPSIS" .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBadd\fR \fIinterface\fR[:\fIhost\-list\fR]... \fIzone\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBallow\fR \fIaddress\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBclear\fR\ [\fB\-f\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBdelete\fR \fIinterface\fR[:\fIhost\-list\fR]... \fIzone\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBdisable\fR {\ \fIinterface\fR\ |\ \fIprovider\fR\ } .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBdrop\fR \fIaddress\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBdump\fR [\fB\-x\fR] [\fB\-l\fR] [\fB\-m\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBenable\fR {\ \fIinterface\fR\ |\ \fIprovider\fR\ } .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBforget\fR [\fIfilename\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBhelp\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBhits\fR\ [\fB\-t\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBipcalc\fR {\fIaddress\fR\ \fImask\fR | \fIaddress\fR/\fIvlsm\fR} .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBiprange\fR \fIaddress1\fR\fB\-\fR\fIaddress2\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBiptrace\fR \fIiptables\ match\ expression\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBlogdrop\fR \fIaddress\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBlogwatch\fR [\fB\-m\fR] [\fIrefresh\-interval\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBlogreject\fR \fIaddress\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBnoiptrace\fR \fIiptables\ match\ expression\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBreject\fR \fIaddress\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBreset\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBrestart\fR [\fB\-n\fR] [\fB\-p\fR] [\fIdirectory\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBrestore\fR [\fIfilename\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBsave\fR [\fIfilename\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR [\fB\-x\fR] [\fB\-l\fR] [\fB\-t\fR\ {\fBfilter\fR|\fBmangle\fR|\fBnat\fR|\fBraw|rawpost\fR}] [[\fBchain\fR]\ \fIchain\fR...] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR [\fB\-f\fR] \fBcapabilities\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR {\fBclassifiers|connections|config|filters|ip|ipa|zones|policies|marks\fR} .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR [\fB\-x\fR] {\fBmangle|nat|routing|raw|rawpost\fR} .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR \fBtc\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR [\fB\-m\fR] \fBlog\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBstart\fR [\fB\-n\fR] [\fB\-p\fR] .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBstop\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBstatus\fR .HP \w'\fBshorewall6\-lite\fR\ 'u \fBshorewall6\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBversion\fR\ [\fB\-a\fR] .SH "DESCRIPTION" .PP The shorewall6\-lite utility is used to control the Shoreline Firewall Lite (Shorewall Lite)\&. .SH "OPTIONS" .PP The \fBtrace\fR and \fBdebug\fR options are used for debugging\&. See \m[blue]\fBhttp://www\&.shorewall\&.net/starting_and_stopping_shorewall\&.htm#Trace\fR\m[]\&. .PP The nolock \fBoption\fR prevents the command from attempting to acquire the shorewall6\-lite lockfile\&. It is useful if you need to include \fBshorewall\fR commands in /etc/shorewall/started\&. .PP The \fIoptions\fR control the amount of output that the command produces\&. They consist of a sequence of the letters \fBv\fR and \fBq\fR\&. If the options are omitted, the amount of output is determined by the setting of the VERBOSITY parameter in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2(5)\&. Each \fBv\fR adds one to the effective verbosity and each \fBq\fR subtracts one from the effective VERBOSITY\&. Anternately, \fBv\fR may be followed immediately with one of \-1,0,1,2 to specify a specify VERBOSITY\&. There may be no white space between \fBv\fR and the VERBOSITY\&. .PP The \fIoptions\fR may also include the letter \fBt\fR which causes all progress messages to be timestamped\&. .SH "COMMANDS" .PP The available commands are listed below\&. .PP \fBadd\fR .RS 4 Adds a list of hosts or subnets to a dynamic zone usually used with VPN\*(Aqs\&. .sp The \fIinterface\fR argument names an interface defined in the \m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[2]\d\s+2(5) file\&. A \fIhost\-list\fR is comma\-separated list whose elements are host or network addresses\&..if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBCaution\fR .ps -1 .br The \fBadd\fR command is not very robust\&. If there are errors in the \fIhost\-list\fR, you may see a large number of error messages yet a subsequent \fBshorewall6\-lite show zones\fR command will indicate that all hosts were added\&. If this happens, replace \fBadd\fR by \fBdelete\fR and run the same command again\&. Then enter the correct command\&. .sp .5v .RE .RE .PP \fBallow\fR .RS 4 Re\-enables receipt of packets from hosts previously blacklisted by a \fBdrop\fR, \fBlogdrop\fR, \fBreject\fR, or \fBlogreject\fR command\&. .RE .PP \fBclear\fR .RS 4 Clear will remove all rules and chains installed by shorewall6\-lite\&. The firewall is then wide open and unprotected\&. Existing connections are untouched\&. Clear is often used to see if the firewall is causing connection problems\&. .sp If \fB\-f\fR is given, the command will be processed by the compiled script that executed the last successful \fBstart\fR, \fBrestart\fR or \fBrefresh\fR command if that script exists\&. .RE .PP \fBdelete\fR .RS 4 The delete command reverses the effect of an earlier \fBadd\fR command\&. .sp The \fIinterface\fR argument names an interface defined in the \m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[2]\d\s+2(5) file\&. A \fIhost\-list\fR is comma\-separated list whose elements are a host or network address\&. .RE .PP \fBdisable\fR .RS 4 Added in Shorewall 4\&.4\&.26\&. Disables the optional provider associated with the specified \fIinterface\fR or \fIprovider\fR\&. Where more than one provider share a single network interface, a \fIprovider\fR name must be given\&. .RE .PP \fBdrop\fR .RS 4 Causes traffic from the listed \fIaddress\fRes to be silently dropped\&. .RE .PP \fBdump\fR .RS 4 Produces a verbose report about the firewall configuration for the purpose of problem analysis\&. .sp The \fB\-x\fR option causes actual packet and byte counts to be displayed\&. Without that option, these counts are abbreviated\&. The \fB\-m\fR option causes any MAC addresses included in shorewall6\-lite log messages to be displayed\&. .sp The \fB\-l\fR option causes the rule number for each Netfilter rule to be displayed\&. .RE .PP \fBenable\fR .RS 4 Added in Shorewall 4\&.4\&.26\&. Enables the optional provider associated with the specified \fIinterface\fR or \fIprovider\fR\&. Where more than one provider share a single network interface, a \fIprovider\fR name must be given\&. .RE .PP \fBforget\fR .RS 4 Deletes /var/lib/shorewall6\-lite/\fIfilenam\fRe and /var/lib/shorewall6\-lite/save\&. If no \fIfilename\fR is given then the file specified by RESTOREFILE in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2(5) is assumed\&. .RE .PP \fBhelp\fR .RS 4 Displays a syntax summary\&. .RE .PP \fBhits\fR .RS 4 Generates several reports from shorewall6\-lite log messages in the current log file\&. If the \fB\-t\fR option is included, the reports are restricted to log messages generated today\&. .RE .PP \fBipcalc\fR .RS 4 Ipcalc displays the network address, broadcast address, network in CIDR notation and netmask corresponding to the input[s]\&. .RE .PP \fBiprange\fR .RS 4 Iprange decomposes the specified range of IP addresses into the equivalent list of network/host addresses\&. .RE .PP \fBiptrace\fR .RS 4 This is a low\-level debugging command that causes iptables TRACE log records to be created\&. See iptables(8) for details\&. .sp The \fIiptables match expression\fR must be one or more matches that may appear in both the raw table OUTPUT and raw table PREROUTING chains\&. .sp The trace records are written to the kernel\*(Aqs log buffer with faciility = kernel and priority = warning, and they are routed from there by your logging daemon (syslogd, rsyslog, syslog\-ng, \&.\&.\&.) \-\- shorewall6\-lite has no control over where the messages go; consult your logging daemon\*(Aqs documentation\&. .RE .PP \fBlogdrop\fR .RS 4 Causes traffic from the listed \fIaddress\fRes to be logged then discarded\&. Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL setting in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2 (5)\&. .RE .PP \fBlogwatch\fR .RS 4 Monitors the log file specified by the LOGFILE option in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2(5) and produces an audible alarm when new shorewall6\-lite messages are logged\&. The \fB\-m\fR option causes the MAC address of each packet source to be displayed if that information is available\&. The \fIrefresh\-interval\fR specifies the time in seconds between screen refreshes\&. You can enter a negative number by preceding the number with "\-\-" (e\&.g\&., \fBshorewall6\-lite logwatch \-\- \-30\fR)\&. In this case, when a packet count changes, you will be prompted to hit any key to resume screen refreshes\&. .RE .PP \fBlogreject\fR .RS 4 Causes traffic from the listed \fIaddress\fRes to be logged then rejected\&. Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL setting in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2 (5)\&. .RE .PP \fBnoiptrace\fR .RS 4 This is a low\-level debugging command that cancels a trace started by a preceding \fBiptrace\fR command\&. .sp The \fIiptables match expression\fR must be one given in the \fBiptrace\fR command being cancelled\&. .RE .PP \fBreset\fR .RS 4 All the packet and byte counters in the firewall are reset\&. .RE .PP \fBrestart\fR .RS 4 Restart is similar to \fBshorewall6\-lite start\fR except that it assumes that the firewall is already started\&. Existing connections are maintained\&. .sp The \fB\-n\fR option causes shorewall6\-lite to avoid updating the routing table(s)\&. .sp The \fB\-p\fR option causes the connection tracking table to be flushed; the \fBconntrack\fR utility must be installed to use this option\&. .RE .PP \fBrestore\fR .RS 4 Restore shorewall6\-lite to a state saved using the \fBshorewall6\-lite save\fR command\&. Existing connections are maintained\&. The \fIfilename\fR names a restore file in /var/lib/shorewall6\-lite created using \fBshorewall6\-lite save\fR; if no \fIfilename\fR is given then shorewall6\-lite will be restored from the file specified by the RESTOREFILE option in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2(5)\&. .RE .PP \fBsave\fR .RS 4 The dynamic blacklist is stored in /var/lib/shorewall6\-lite/save\&. The state of the firewall is stored in /var/lib/shorewall6\-lite/\fIfilename\fR for use by the \fBshorewall6\-lite restore\fR\&. If \fIfilename\fR is not given then the state is saved in the file specified by the RESTOREFILE option in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2(5)\&. .RE .PP \fBshow\fR .RS 4 The show command can have a number of different arguments: .PP \fBcapabilities\fR .RS 4 Displays your kernel/iptables capabilities\&. The \fB\-f\fR option causes the display to be formatted as a capabilities file for use with \fBcompile \-e\fR\&. .RE .PP [ [ \fBchain\fR ] \fIchain\fR\&.\&.\&. ] .RS 4 The rules in each \fIchain\fR are displayed using the \fBiptables \-L\fR \fIchain\fR \fB\-n \-v\fR command\&. If no \fIchain\fR is given, all of the chains in the filter table are displayed\&. The \fB\-x\fR option is passed directly through to iptables and causes actual packet and byte counts to be displayed\&. Without this option, those counts are abbreviated\&. The \fB\-t\fR option specifies the Netfilter table to display\&. The default is \fBfilter\fR\&. .sp The \fB\-l\fR option causes the rule number for each Netfilter rule to be displayed\&. .sp If the \fBt\fR option and the \fBchain\fR keyword are both omitted and any of the listed \fIchain\fRs do not exist, a usage message is displayed\&. .RE .PP \fBclassifiers|filters\fR .RS 4 Displays information about the packet classifiers defined on the system as a result of traffic shaping configuration\&. .RE .PP \fBconfig\fR .RS 4 Dispays distribution\-specific defaults\&. .RE .PP \fBconnections\fR .RS 4 Displays the IP connections currently being tracked by the firewall\&. .RE .PP \fBip\fR .RS 4 Displays the system\*(Aqs IPv4 configuration\&. .RE .PP \fBipa\fR .RS 4 Added in Shorewall 4\&.4\&.17\&. Displays the per\-IP accounting counters (\m[blue]\fBshorewall\-accounting\fR\m[]\&\s-2\u[3]\d\s+2 (5))\&. .RE .PP \fBlog\fR .RS 4 Displays the last 20 shorewall6\-lite messages from the log file specified by the LOGFILE option in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2(5)\&. The \fB\-m\fR option causes the MAC address of each packet source to be displayed if that information is available\&. .RE .PP \fBmarks\fR .RS 4 Added in Shorewall 4\&.4\&.26\&. Displays the various fields in packet marks giving the min and max value (in both decimal and hex) and the applicable mask (in hex)\&. .RE .PP \fBnat\fR .RS 4 Displays the Netfilter nat table using the command \fBiptables \-t nat \-L \-n \-v\fR\&.The \fB\-x\fR option is passed directly through to iptables and causes actual packet and byte counts to be displayed\&. Without this option, those counts are abbreviated\&. .RE .PP \fBpolicies\fR .RS 4 Added in Shorewall 4\&.4\&.4\&. Displays the applicable policy between each pair of zones\&. Note that implicit intrazone ACCEPT policies are not displayed for zones associated with a single network where that network doesn\*(Aqt specify \fBrouteback\fR\&. .RE .PP \fBrouting\fR .RS 4 Displays the system\*(Aqs IPv4 routing configuration\&. .RE .PP \fBraw\fR .RS 4 Displays the Netfilter raw table using the command \fBiptables \-t raw \-L \-n \-v\fR\&.The \fB\-x\fR option is passed directly through to iptables and causes actual packet and byte counts to be displayed\&. Without this option, those counts are abbreviated\&. .RE .PP \fBtc\fR .RS 4 Displays information about queuing disciplines, classes and filters\&. .RE .PP \fBzones\fR .RS 4 Displays the current composition of the Shorewall zones on the system\&. .RE .RE .PP \fBstart\fR .RS 4 Start Shorewall Lite\&. Existing connections through shorewall6\-lite managed interfaces are untouched\&. New connections will be allowed only if they are allowed by the firewall rules or policies\&. .sp The \fB\-p\fR option causes the connection tracking table to be flushed; the \fBconntrack\fR utility must be installed to use this option\&. .RE .PP \fBstop\fR .RS 4 Stops the firewall\&. All existing connections, except those listed in \m[blue]\fBshorewall\-routestopped\fR\m[]\&\s-2\u[4]\d\s+2(5) or permitted by the ADMINISABSENTMINDED option in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[1]\d\s+2(5), are taken down\&. The only new traffic permitted through the firewall is from systems listed in \m[blue]\fBshorewall\-routestopped\fR\m[]\&\s-2\u[4]\d\s+2(5) or by ADMINISABSENTMINDED\&. .sp If \fB\-f\fR is given, the command will be processed by the compiled script that executed the last successful \fBstart\fR, \fBrestart\fR or \fBrefresh\fR command if that script exists\&. .RE .PP \fBstatus\fR .RS 4 Produces a short report about the state of the Shorewall\-configured firewall\&. .RE .PP \fBversion\fR .RS 4 Displays Shorewall\*(Aqs version\&. The \fB\-a\fR option is included for compatibility with earlier Shorewall releases and is ignored\&. .RE .SH "FILES" .PP /etc/shorewall6\-lite/ .SH "SEE ALSO" .PP \m[blue]\fBhttp://www\&.shorewall\&.net/starting_and_stopping_shorewall\&.htm\fR\m[] .PP shorewall6\-accounting(5), shorewall6\-actions(5), shorewall6\-blacklist(5), shorewall6\-hosts(5), shorewall_interfaces(5), shorewall6\-ipsets(5), shorewall6\-maclist(5), shorewall6\-masq(5), shorewall6\-netmap(5), shorewall6\-params(5), shorewall6\-policy(5), shorewall6\-providers(5), shorewall6\-proxyarp(5), shorewall6\-rtrules(5), shorewall6\-routestopped(5), shorewall6\-rules(5), shorewall6\&.conf(5), shorewall6\-secmarks(5), shorewall6\-tcclasses(5), shorewall6\-tcdevices(5), shorewall6\-tcrules(5), shorewall6\-tos(5), shorewall6\-tunnels(5), shorewall6\-zones(5) .SH "NOTES" .IP " 1." 4 shorewall6.conf .RS 4 \%http://www.shorewall.net/manpages6/shorewall.conf.html .RE .IP " 2." 4 shorewall-interfaces .RS 4 \%http://www.shorewall.net/manpages6/shorewall-interfaces.html .RE .IP " 3." 4 shorewall-accounting .RS 4 \%http://www.shorewall.net/manpages6/manpages/shorewall-accounting.html .RE .IP " 4." 4 shorewall-routestopped .RS 4 \%http://www.shorewall.net/manpages6/shorewall-routestopped.html .RE