'\" t
.\" Title: shorewall6-routestopped
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\" Date: 06/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
.TH "SHOREWALL6\-ROUTESTO" "5" "06/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
routestopped \- The Shorewall6 file that governs what traffic flows through the firewall while it is in \*(Aqstopped\*(Aq state\&.
.SH "SYNOPSIS"
.HP \w'\fB/etc/shorewall6/routestopped\fR\ 'u
\fB/etc/shorewall6/routestopped\fR
.SH "DESCRIPTION"
.PP
This file is used to define the hosts that are accessible when the firewall is stopped or is being stopped\&. When shorewall6\-shell is being used, the file also determines those hosts that are accessible when the firewall is in the process of being [re]started\&.
.PP
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax)\&.
.PP
\fBINTERFACE\fR \- \fIinterface\fR
.RS 4
Interface through which host(s) communicate with the firewall
.RE
.PP
\fBHOST(S)\fR \- [\fB\-\fR|\fIaddress\fR[,\fIaddress\fR]\&.\&.\&.]
.RS 4
Optional comma\-separated list of IP/subnet addresses\&. If your kernel and ip6tables include iprange match support, IP address ranges are also allowed\&.
.sp
If left empty or supplied as "\-", 0\&.0\&.0\&.0/0 is assumed\&.
.RE
.PP
\fBOPTIONS\fR \- [\fB\-\fR|\fIoption\fR[\fB,\fR\fIoption\fR]\&.\&.\&.]
.RS 4
An optional comma\-separated list of options\&. The order of the options is not important but the list can contain no embedded whitespace\&. The currently\-supported options are:
.PP
\fBrouteback\fR
.RS 4
Set up a rule to ACCEPT traffic from these hosts back to themselves\&. Beginning with Shorewall 4\&.4\&.9, this option is automatically set if \fBrouteback\fR is specified in \m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[1]\d\s+2 (5) or if the rules compiler detects that the interface is a bridge\&.
.RE
.PP
\fBsource\fR
.RS 4
Allow traffic from these hosts to ANY destination\&. Without this option or the \fBdest\fR option, only traffic from this host to other listed hosts (and the firewall) is allowed\&. If \fBsource\fR is specified then \fBrouteback\fR is redundant\&.
.RE
.PP
\fBdest\fR
.RS 4
Allow traffic to these hosts from ANY source\&. Without this option or the \fBsource\fR option, only traffic from this host to other listed hosts (and the firewall) is allowed\&. If \fBdest\fR is specified then \fBrouteback\fR is redundant\&.
.RE
.PP
\fBcritical\fR
.RS 4
Allow traffic between the firewall and these hosts throughout \*(Aq[re]start\*(Aq, \*(Aqstop\*(Aq and \*(Aqclear\*(Aq\&. Specifying \fBcritical\fR on one or more entries will cause your firewall to be "totally open" for a brief window during each of those operations\&.
Examples of where you might want to use this are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\*(AqPing\*(Aq nodes with heartbeat\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
LDAP server(s) if you use LDAP Authentication\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
NFS Server if you have an NFS\-mounted root filesystem\&.
.RE
.RE
.RE
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
The \fBsource\fR and \fBdest\fR options work best when used in conjunction with ADMINISABSENTMINDED=Yes in \m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5)\&.
.sp .5v
.RE
.SH "EXAMPLE"
.PP
Example 1:
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
#INTERFACE HOST(S)                OPTIONS
eth2       2002:ce7c:92b4::/64
eth0       2002:ce7c:92b4:1::/64
br0        \-                      routeback
eth3       \-                      source
.fi
.if n \{\
.RE
.\}
.RE
.SH "FILES"
.PP
/etc/shorewall6/routestopped
.SH "SEE ALSO"
.PP
\m[blue]\fBhttp://shorewall\&.net/starting_and_stopping_shorewall\&.htm\fR\m[]
.PP
\m[blue]\fBhttp://shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]
.PP
shorewall6(8), shorewall6\-accounting(5), shorewall6\-actions(5), shorewall6\-blacklist(5), shorewall6\-hosts(5), shorewall6\-interfaces(5), shorewall6\-maclist(5), shorewall6\-netmap(5), shorewall6\-params(5), shorewall6\-policy(5), shorewall6\-providers(5), shorewall6\-rtrules(5), shorewall6\-rules(5), shorewall6\&.conf(5), shorewall6\-secmarks(5), shorewall6\-tcclasses(5), shorewall6\-tcdevices(5), shorewall6\-tcrules(5), shorewall6\-tos(5), shorewall6\-tunnels(5), shorewall6\-zones(5)
.SH "NOTES"
.IP " 1." 4
shorewall6-interfaces
.RS 4
\%http://www.shorewall.net/manpages6/shorewall6-interfaces.html
.RE
.IP " 2." 4
shorewall6.conf
.RS 4
\%http://www.shorewall.net/manpages6/shorewall6.conf.html
.RE
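.PP
An added example, not part of the original manual page or of Shorewall: a small Python checker that reads routestopped entries in the three-column form described under DESCRIPTION and reports the entries whose OPTIONS widen what is reachable while the firewall is stopped. The function name, the message texts and the eth1 sample row are assumptions made for illustration; the alternate specification syntax is not handled.

```python
KNOWN = {"routeback", "source", "dest", "critical"}  # options listed on this page

# Rows 2-5 are the page's Example 1; the eth1 row is constructed for illustration.
SAMPLE = """\
#INTERFACE HOST(S)                OPTIONS
eth2       2002:ce7c:92b4::/64
eth0       2002:ce7c:92b4:1::/64
br0        -                      routeback
eth3       -                      source
eth1       2001:db8:1::10         critical,source,routeback
"""

def audit_routestopped(text):
    """Return (line_no, interface, message) findings for routestopped entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) > 3:                         # e.g. "source, dest"
            findings.append((n, cols[0], "extra column: lists may not contain whitespace"))
            continue
        iface, hosts, optcol = cols + ["-"] * (3 - len(cols))  # empty column == "-"
        opts = set() if optcol == "-" else set(optcol.split(","))
        for opt in sorted(opts - KNOWN):
            findings.append((n, iface, f"unknown option {opt!r}"))
        if "critical" in opts:
            findings.append((n, iface, "critical: firewall is totally open for a "
                             "brief window during [re]start, stop and clear"))
        wide = sorted(opts & {"source", "dest"})
        if wide and "routeback" in opts:
            findings.append((n, iface, f"routeback is redundant with {'/'.join(wide)}"))
        if wide and hosts == "-":
            findings.append((n, iface, f"{'/'.join(wide)} with no HOST(S): applies to "
                             "every address behind the interface while stopped"))
    return findings

if __name__ == "__main__":
    for line_no, iface, msg in audit_routestopped(SAMPLE):
        print(f"line {line_no} ({iface}): {msg}")
```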