Provided by: shorewall_5.1.12.2-1_all

NAME
    logging - Shorewall logging

SYNOPSIS
    action:level
    NFLOG(nflog-parameters)
    ULOG(ulog-parameters)

DESCRIPTION
    The disposition of packets entering a Shorewall firewall is determined by one of a number of Shorewall facilities.

When looking for a configuration file other than shorewall.conf:

· If the command is "try" or a "" was specified in the command (e.g., shorewall check ./gateway) then the directory given in the command is searched first.
· Next, each directory in the CONFIG_PATH setting is searched in sequence.

Jan 03, 2012 · The basic function of zones is to set ipv4 or ipv6. Also note we now have a new concept referred to as 'fw'. The fw entry simply means "me". It always refers to the Linux box shorewall is running on, and is completely independent of interfaces, ip addresses, or other network settings.

In that release, two new options were added to shorewall.conf:

    RSH_COMMAND
    RCP_COMMAND

The default values for these are as follows:

    RSH_COMMAND: ssh ${root}@${system} ${command}
    RCP_COMMAND: scp ${files} ${root}@${system}:${destination}

Shell variables that will be set when the commands are invoked are as follows:

    root - root user.

This file is used to specify the priority of traffic for simple traffic shaping (TC_ENABLED=Simple in shorewall.conf [1] (5)). The priority band of each packet is determined by the last entry that the packet matches. If a packet doesn't match any entry in this file, then its priority will be determined by its TOS field.

The main shorewall.conf is not managed by this module; rather, the default one that your operating system provides is used, and any modifications you wish to make to it should be configured with augeas. For example, to set IP_FORWARDING=Yes in shorewall.conf, simply do this:

The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax).

DISPOSITION - {ACCEPT|DROP|REJECT}[:log-level]
    ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf[3](5), then REJECT is also allowed).

This covers setup and maintenance of Shorewall 5 on Enterprise Linux 7.x (RHEL, CentOS and derivatives).

Note: A previous version of this tutorial for EL6 and Shorewall 4.x is: "Shorewall on RPM-based Servers"

Setting RFC1918_STRICT=Yes in shorewall.conf will cause such traffic to be logged and dropped since while the packet's source matches the RETURN rule, the packet's destination matches the 'logdrop' rule. If not specified or specified as empty (e.g., RFC1918_STRICT="") then RFC1918_STRICT=No is assumed.

Dec 20, 2012 shorewall.conf - Shorewall global configuration file