{"id":4367,"date":"2022-12-20T17:49:05","date_gmt":"2022-12-20T20:49:05","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/shorewallstoppedru-man5\/"},"modified":"2022-12-20T17:49:05","modified_gmt":"2022-12-20T20:49:05","slug":"shorewallstoppedru-man5","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/shorewallstoppedru-man5\/","title":{"rendered":"SHOREWALL−STOPPEDRU (man5)"},"content":{"rendered":"

SHOREWALL\u2212STOPPEDRU<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
FILES<\/a>
SEE ALSO<\/a>
NOTES<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

stoppedrules \u2212 The Shorewall file that governs what traffic flows through the firewall while it is in the ‘stopped’ state.<\/p>\n

SYNOPSIS <\/a> <\/h2>\n\n\n
<\/td>\n\n

\/etc\/shorewall[6]\/stoppedrules<\/b><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

DESCRIPTION <\/a> <\/h2>\n

This file is used to define the hosts that are accessible when the firewall is stopped or is being stopped.<\/p>\n

Warning<\/big><\/b>
Changes to this file do not take effect until after the next shorewall start<\/b>, shorewall reload<\/b>, shorewall restart<\/b>, or shorewall compile<\/b> command.<\/p>\n

The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax).<\/p>\n

ACTION<\/b> \u2212 ACCEPT|NOTRACK|DROP<\/b><\/p>\n

Determines the disposition of the packet.<\/p>\n

ACCEPT<\/b> means that the packet will be accepted.<\/p>\n

NOTRACK<\/b> indicates that no conntrack entry should be created for the packet. NOTRACK<\/b> does not imply ACCEPT<\/b>.<\/p>\n

DROP<\/b> was added in Shorewall 4.6.0 and causes the packet to be dropped in the raw table’s PREROUTING chain.<\/p>\n

SOURCE<\/b> \u2212 [\u2212<\/b>|[$FW|interface<\/i>]|[{$FW|interface}[:address<\/i>[,address<\/i>]…]]|[address<\/i>[,address<\/i>]…]<\/p>\n

$FW<\/b> matches packets originating on the firewall itself, while interface<\/i> specifies packets arriving on the named interface.<\/p>\n

This column may also include a comma\u2212separated list of IP\/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are also allowed. Ipsets and exclusion are also supported. When $FW<\/b> or interface are specified, the list must be preceded by a colon (“:”).<\/p>\n

If left empty or supplied as “\u2212”, 0.0.0.0\/0 is assumed.<\/p>\n

DEST<\/b> \u2212 [\u2212<\/b>|[$FW|interface<\/i>]|[{$FW|interface}[:address<\/i>[,address<\/i>]…]]|[address<\/i>[,address<\/i>]…]<\/p>\n

$FW<\/b> matches packets addressed the firewall itself, while interface<\/i> specifies packets arriving on the named interface. Neither may be specified if the target is NOTRACK<\/b> or DROP<\/b>.<\/p>\n

This column may also include a comma\u2212separated list of IP\/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are also allowed. Ipsets and exclusion are also supported. When $FW<\/b> or interface are specified, the list must be preceded by a colon (“:”).<\/p>\n

If left empty or supplied as “\u2212”, 0.0.0.0\/0 is assumed.<\/p>\n

PROTO (Optional)<\/b> \u2013 protocol\u2212name\u2212or\u2212number<\/i>[,…]<\/p>\n

Protocol.<\/p>\n

Beginning with Shorewall 4.5.12, this column can accept a comma\u2212separated list of protocols.<\/p>\n

DPORT<\/b> \u2013 service\u2212name\/port\u2212number\u2212list<\/i><\/p>\n

Optional. A comma\u2212separated list of port numbers and\/or service names from \/etc\/services. May also include port ranges of the form low\u2212port<\/i>:high\u2212port<\/i> if your kernel and iptables include port range support.<\/p>\n

This column was formerly labelled DEST PORT(S).<\/p>\n

SPORT<\/b> \u2013 service\u2212name\/port\u2212number\u2212list<\/i><\/p>\n

Optional. A comma\u2212separated list of port numbers and\/or service names from \/etc\/services. May also include port ranges of the form low\u2212port<\/i>:high\u2212port<\/i> if your kernel and iptables include port range support.<\/p>\n

Beginning with Shorewall 4.5.15, you may place ‘=’ in this column, provided that the DPORT column is non\u2212empty. This causes the rule to match when either the source port or the destination port in a packet matches one of the ports specified in DEST PORTS(S). Use of ‘=’ requires multi\u2212port match in your iptables and kernel.<\/p>\n

This column was formerly labelled SOURCE PORT(S).<\/p>\n

FILES <\/a> <\/h2>\n

\/etc\/shorewall\/stoppedrules<\/p>\n

\/etc\/shorewall6\/stoppedrules<\/p>\n

SEE ALSO <\/a> <\/h2>\n

https:\/\/shorewall.org\/starting_and_stopping_shorewall.htm<\/font><\/b> [1]<\/font><\/small><\/p>\n

https:\/\/shorewall.org\/configuration_file_basics.htm#Pairs<\/font><\/b> [2]<\/font><\/small><\/p>\n

shorewall(8)<\/font><\/p>\n

NOTES <\/a> <\/h2>\n\n\n
<\/td>\n\n

1.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

https:\/\/shorewall.org\/starting_and_stopping_shorewall.htm<\/font><\/p>\n<\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/starting_and_stopping_shorewall.htm<\/font><\/p>\n\n\n
<\/td>\n\n

2.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

https:\/\/shorewall.org\/configuration_file_basics.htm#Pairs<\/font><\/p>\n<\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/configuration_file_basics.htm#Pairs<\/font><\/p>\n

\n","protected":false},"excerpt":{"rendered":"

stoppedrules \u2212 The Shorewall file that governs what traffic flows through the firewall while it is in the ‘stopped’ state. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[959],"tags":[961,1291,1376],"class_list":["post-4367","post","type-post","status-publish","format-standard","hentry","category-5-formatos-de-ficheros","tag-961","tag-man5","tag-shorewall-stoppedrules"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=4367"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4367\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=4367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=4367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=4367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}