{"id":3149,"date":"2022-12-20T16:43:37","date_gmt":"2022-12-20T19:43:37","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/shorewallinit-man8\/"},"modified":"2022-12-20T16:43:37","modified_gmt":"2022-12-20T19:43:37","slug":"shorewallinit-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/shorewallinit-man8\/","title":{"rendered":"SHOREWALL−INIT (man8)"},"content":{"rendered":"

SHOREWALL\u2212INIT<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
FILES<\/a>
SEE ALSO<\/a>
NOTES<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

shorewall-init \u2212 Companion package<\/p>\n

SYNOPSIS <\/a> <\/h2>\n\n\n
<\/td>\n\n

shorewall\u2212init<\/b> [start|stop]<\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

DESCRIPTION <\/a> <\/h2>\n

Shorewall\u2212init is an optional package (added in Shorewall 4.4.10) that can be installed along with Shorewall, Shorewall6, Shorewall\u2212lite and\/or Shorewall6\u2212lite. It provides two key features:<\/p>\n

1. It can close (stop) the firewall during boot prior to starting the network. This can prevent unwanted connections from being accepted after the network comes up but before the firewall is started.<\/p>\n

2. It can interface with your distribution’s ifup\/ifdown scripts and\/or NetworkManager to allow firewall actions when an interface starts or stops.<\/p>\n

These two capabilities can be enabled separately.<\/p>\n

After you install the shorewall\u2212init package, you can activate it by modifying the Shorewall\u2212init configuration file:<\/p>\n

\u2022 On Debian\u2212based system, the file is \/etc\/default\/shorewall\u2212init.<\/p>\n

\u2022 On other systems, the file is \/etc\/sysconfig\/shorewall\u2212init.<\/p>\n

To activate the safe boot feature, edit the configuration file and set PRODUCTS to a space\u2212separated list of Shorewall products that you want to be closed before networking starts.<\/p>\n

Example:<\/p>\n

PRODUCTS=”shorewall shorewall6″<\/p>\n

You also must insure that the compiled scripts for the listed products are compiled using Shorewall 4.4.10 or later.<\/p>\n

Shorewall<\/p>\n

shorewall compile<\/b><\/p>\n

Shorewall6<\/p>\n

shorewall6 compile<\/b><\/p>\n

Shorewall\u2212lite<\/p>\n

On the administrative system, enter the command shorewall export firewall<\/b> from the firewall’s configuration directory.<\/p>\n

Shorewall6\u2212lite<\/p>\n

On the administrative system, enter the command shorewall6 export firewall<\/b> from the firewall’s configuration directory.<\/p>\n

The second feature (ifup\/ifdown and NetworkManager integration) should only be activated on systems that do not use a link status monitor line swping or LSM.<\/p>\n

\u2022 Edit the configuration file and set IFUPDOWN=1<\/p>\n

For NetworkManager integration, you will want to disable firewall startup at boot and delay it to when your interface comes up. For this to work correctly, you must set the required or the optional option on at least one interface then:<\/p>\n

\u2022 On Debian\u2212based systems, edit \/etc\/default\/product<\/i> for each product<\/i> listed in the PRODUCTS setting and set startup=0<\/b>.<\/p>\n

\u2022 On other systems, use the distribution’s service control tool (insserv, chkconfig, etc.) to disable startup of the products listed in the PRODUCTS setting.<\/p>\n

On a laptop with both Ethernet and wireless interfaces, you will want to make both interfaces optional and set the REQUIRE_INTERFACE option to Yes in shorewall.conf<\/font><\/b> [1]<\/font><\/small> (5) or<\/font> shorewall6.conf<\/font><\/b> [1]<\/font><\/small> (5). This causes the firewall to remain stopped until at least one of the interfaces comes up.<\/font><\/p>\n

FILES <\/a> <\/h2>\n

\/etc\/default\/shorewall\u2212init (Debian\u2212based systems) or \/etc\/sysconfig\/shorewall\u2212init (other distributions)<\/font><\/p>\n

SEE ALSO <\/a> <\/h2>\n

shorewall(8)<\/font><\/p>\n

NOTES <\/a> <\/h2>\n\n\n
<\/td>\n\n

1.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

shorewall.conf<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall.conf.html<\/font><\/p>\n

\n","protected":false},"excerpt":{"rendered":"

shorewall-init \u2212 Companion package <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,4,293],"class_list":["post-3149","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-man8","tag-shorewall-init"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3149","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3149"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3149\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}