SHOREWALL-LITE.CO(5) | [FIXME: manual] | SHOREWALL-LITE.CO(5) |
NAME
shorewall-lite.conf - Shorewall Lite global configuration file
SYNOPSIS
/etc/shorewall-lite/shorewall-lite.conf
DESCRIPTION
This file sets options that apply to Shorewall Lite as a whole. The file consists of Shell comments (lines beginning with '#'), blank lines and assignment statements (variable=value). Each variable's setting is preceded by comments that describe the variable and its effect. Any option not specified in this file gets its value from the shorewall.conf file used during compilation of /var/lib/shorewall-lite/firewall. Those settings may be found in the file /var/lib/shorewall-lite/firewall.conf.
OPTIONS
The following options may be set in shorewall.conf.
IPTABLES=[pathname]
This parameter names the iptables executable
to be used by Shorewall. If not specified or if specified as a null value,
then the iptables executable located using the PATH option is used.
LOGFILE=[pathname]
This parameter tells the /sbin/shorewall
program where to look for Shorewall messages when processing the dump,
logwatch, show log, and hits commands. If not assigned or
if assigned an empty value, /var/log/messages is assumed.
LOGFORMAT=["formattemplate"]
The value of this variable generates the
--log-prefix setting for Shorewall logging rules. It contains a
“printf” formatting template which accepts three arguments (the
chain name, logging rule number (optional) and the disposition). To use
LOGFORMAT with fireparse, set it as:
LOGFORMAT="fp=%s:%d a=%s "
If the LOGFORMAT value contains the substring “%d” then the logging
rule number is calculated and formatted in that position; if that substring is
not included then the rule number is not included. If not supplied or supplied
as empty (LOGFORMAT="") then “Shorewall:%s:%s:” is
assumed.
PATH=pathname[:pathname]...
Determines the order in which Shorewall
searches directories for executable files.
RESTOREFILE=[filename]
Specifies the simple name of a file in
/var/lib/shorewall to be used as the default restore script in the
shorewall save, shorewall restore, shorewall forget and
shorewall -f start commands.
SHOREWALL_SHELL=[pathname]
This option is used to specify the shell
program to be used to run the Shorewall compiler and to interpret the compiled
script. If not specified or specified as a null value, /bin/sh is assumed.
Using a light-weight shell such as ash or dash can significantly improve
performance.
SUBSYSLOCK=[pathname]
This parameter should be set to the name of a
file that the firewall should create if it starts successfully and remove when
it stops. Creating and removing this file allows Shorewall to work with your
distribution's initscripts. For RedHat, this should be set to
/var/lock/subsys/shorewall. For Debian, the value is /var/state/shorewall and
in LEAF it is /var/run/shorwall.
VERBOSITY=[number]
Shorewall has traditionally been very noisy
(produced lots of output). You may set the default level of verbosity using
the VERBOSITY option.
Values are:
0 - Silent. You may make it more verbose using the -v option
1 - Major progress messages displayed
2 - All progress messages displayed (old default behavior)
If not specified, then 2 is assumed.
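The LOGFORMAT rules described above, as an added example that is not part of the Shorewall documentation or code: it reads LOGFORMAT from a configuration file as text, renders the resulting log prefix with and without “%d”, and flags prefixes longer than 29 characters. The function names (conf_get, render_log_prefix, prefix_fits), the chain names and the sample file are hypothetical; the 29-character limit comes from the iptables LOG target, not from this page.

```shell
#!/bin/sh
# Added example (not Shorewall's own code): preview the --log-prefix a LOGFORMAT yields.

DEFAULT_LOGFORMAT='Shorewall:%s:%s:'  # default given in the man page
MAX_PREFIX=29                          # iptables LOG target limit on --log-prefix

# conf_get FILE VAR: last assignment to VAR, read as text (the file is not sourced).
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# render_log_prefix FORMAT CHAIN RULENUM DISPOSITION
# The rule number is passed to printf only when the template contains %d;
# an empty FORMAT falls back to the documented default.
render_log_prefix() {
    fmt=${1:-$DEFAULT_LOGFORMAT}
    case $fmt in
        *%d*) printf "$fmt" "$2" "$3" "$4" ;;
        *)    printf "$fmt" "$2" "$4" ;;
    esac
}

# prefix_fits PREFIX: succeeds when the prefix is within the iptables limit.
prefix_fits() {
    [ "${#1}" -le "$MAX_PREFIX" ]
}

# Constructed sample configuration, using the fireparse template from the man page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample shorewall-lite.conf
VERBOSITY=1
LOGFORMAT="fp=%s:%d a=%s "
EOF

fmt=$(conf_get "$sample" LOGFORMAT)
# Hypothetical chain names, rule numbers and dispositions.
for rule in "net2fw 3 DROP" "loc2dmz_custom_chain 12 REJECT"; do
    set -- $rule
    prefix=$(render_log_prefix "$fmt" "$1" "$2" "$3")
    if prefix_fits "$prefix"; then status=ok; else status="exceeds $MAX_PREFIX chars"; fi
    printf '[%s] (%d chars) %s\n' "$prefix" "${#prefix}" "$status"
done
rm -f "$sample"
```

A prefix that is too long for the LOG target loses the disposition field first, which is the part log parsers such as fireparse key on, so long chain names are worth checking before deployment.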
FILES
/etc/shorewall-lite/shorewall.conf
SEE ALSO
http://www.shorewall.net/Documentation_Index.html
shorewall-lite(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
06/28/2012 | [FIXME: source] |