{"id":4605,"date":"2022-12-20T18:09:15","date_gmt":"2022-12-20T21:09:15","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/shorewallfiles-man5\/"},"modified":"2022-12-20T18:09:15","modified_gmt":"2022-12-20T21:09:15","slug":"shorewallfiles-man5","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/shorewallfiles-man5\/","title":{"rendered":"SHOREWALL−FILES (man5)"},"content":{"rendered":"

SHOREWALL\u2212FILES<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
CONFIG_PATH<\/a>
COMMENTS<\/a>
BLANK LINES<\/a>
LINE CONTINUATION<\/a>
ALTERNATIVE SPECIFICATION OF COLUMN VALUES<\/a>
TIME COLUMNS<\/a>
SWITCHES<\/a>
FILES<\/a>
NOTES<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

files \u2212 Shorewall Configuration Files<\/p>\n

SYNOPSIS <\/a> <\/h2>\n\n\n
<\/td>\n\n

\/etc\/shorewall[6]\/*<\/b><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

DESCRIPTION <\/a> <\/h2>\n

The following are the Shorewall[6] configuration files:<\/p>\n

\u2022 \/etc\/shorewall\/shorewall.conf and \/etc\/shorewall6\/shorewall6.conf<\/font><\/b> [1]<\/font><\/small> \u2212 used to set global firewall parameters.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/params<\/font><\/b> [2]<\/font><\/small> \u2212 use this file to set shell variables that you will expand in other files. It is always processed by \/bin\/sh or by the shell specified through SHOREWALL_SHELL in \/etc\/shorewall\/shorewall.conf.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/zones<\/font><\/b> [3]<\/font><\/small> \u2212 partition the firewall’s view of the world into zones.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/policy<\/font><\/b> [4]<\/font><\/small> \u2212 establishes firewall high\u2212level policy.<\/font><\/p>\n

\u2022 \/etc\/shorewall[6]\/initdone \u2212 An optional Perl script that will be invoked by the Shorewall rules compiler when the compiler has finished it’s initialization.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/interfaces<\/font><\/b> [5]<\/font><\/small> \u2212 describes the interfaces on the firewall system.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/hosts<\/font><\/b> [6]<\/font><\/small> \u2212 allows defining zones in terms of individual hosts and subnetworks.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/masq<\/font><\/b> [7]<\/font><\/small> \u2212 directs the firewall where to use many\u2212to\u2212one (dynamic) Network Address Translation (a.k.a. Masquerading) and Source Network Address Translation (SNAT). Superseded by \/etc\/shorewall[6]\/snat in Shorewall 5.0.14 and not supported in Shorewall 5.1.0 and later versions.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/mangle<\/font><\/b> [8]<\/font><\/small> \u2212 supersedes \/etc\/shorewall\/tcrules in Shorewall 4.6.0. Contains rules for packet marking, TTL, TPROXY, etc.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/rules<\/font><\/b> [9]<\/font><\/small> \u2212 defines rules that are exceptions to the overall policies established in \/etc\/shorewall\/policy.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/nat<\/font><\/b> [10]<\/font><\/small> \u2212 defines one\u2212to\u2212one NAT rules.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall6\/proxyarp<\/font><\/b> [11]<\/font><\/small> \u2212 defines use of Proxy ARP.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall6\/proxyndp<\/font><\/b> [12]<\/font><\/small> \u2212 defines use of Proxy NDP.<\/font><\/p>\n

\u2022 \/etc\/shorewall[6]\/routestopped \u2212 defines hosts accessible when Shorewall is stopped. Superseded in Shorewall 4.6.8 by \/etc\/shorewall\/stoppedrules. Not supported in Shorewall 5.0.0 and later versions.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/tcrules<\/font><\/b> [13]<\/font><\/small> \u2212 The file has a rather unfortunate name because it is used to define marking of packets for later use by both traffic control\/shaping and policy routing. This file is superseded by \/etc\/shorewall\/mangle in Shorewall 4.6.0. Not supported in Shorewall 5.0.0 and later releases.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/tos<\/font><\/b> [14]<\/font><\/small> \u2212 defines rules for setting the TOS field in packet headers. Superseded in Shorewall 4.5.1 by the TOS target in \/etc\/shorewall\/tcrules (which file has since been superseded by \/etc\/shorewall\/mangle). Not supported in Shorewall 5.0.0 and later versions.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/tunnels<\/font><\/b> [15]<\/font><\/small> \u2212 defines tunnels (VPN) with end\u2212points on the firewall system.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/blacklist<\/font><\/b> [16]<\/font><\/small> \u2212 Deprecated in favor of \/etc\/shorewall\/blrules. Lists blacklisted IP\/subnet\/MAC addresses. Not supported in Shorewall 5.0.0 and later releases.<\/font><\/p>\n

\u2022 \/etc\/shorewall[6]\/blrules \u2014 Added in Shorewall 4.5.0. Define blacklisting and whitelisting. Supersedes \/etc\/shorewall\/blacklist.<\/font><\/p>\n

\u2022 \/etc\/shorewall[6]\/init \u2212 shell commands that you wish to execute at the beginning of a \u201cshorewall start\u201d, “shorewall reload” or \u201cshorewall restart\u201d.<\/font><\/p>\n

\u2022 \/etc\/shorewall[6]\/start \u2212 shell commands that you wish to execute near the completion of a \u201cshorewall start\u201d, “shorewall reload” or \u201cshorewall restart\u201d<\/font><\/p>\n

\u2022 \/etc\/shorewall[6]\/started \u2212 shell commands that you wish to execute after the completion of a \u201cshorewall start\u201d, “shorewall reload” or \u201cshorewall restart\u201d<\/font><\/p>\n

\u2022 \/etc\/shorewall[6]\/stop\u2212 commands that you wish to execute at the beginning of a \u201cshorewall stop\u201d.<\/font><\/p>\n

\u2022 \/etc\/shorewall[6]\/stopped \u2212 shell commands that you wish to execute at the completion of a \u201cshorewall stop\u201d.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall\/ecn<\/font><\/b> [17]<\/font><\/small> \u2212 disable Explicit Congestion Notification (ECN \u2212 RFC 3168) to remote hosts or networks. Superseded by ECN entries in \/etc\/shorewall\/mangle in Shorewall 5.0.6.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall\/accounting<\/font><\/b> [18]<\/font><\/small> \u2212 define IP traffic accounting rules<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/actions<\/font><\/b> [19]<\/font><\/small> and \/usr\/share\/shorewall6\/action.template allow user\u2212defined actions.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/providers<\/font><\/b> [20]<\/font><\/small> \u2212 defines alternate routing tables.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/rtrules<\/font><\/b> [21]<\/font><\/small> \u2212 Defines routing rules to be used in conjunction with the routing tables defined in \/etc\/shorewall\/providers.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/tcdevices<\/font><\/b> [22]<\/font><\/small> ,<\/font> \/etc\/shorewall[6]\/tcclasses<\/font><\/b> [23]<\/font><\/small> ,<\/font> \/etc\/shorewall[6]\/tcfilters<\/font><\/b> [24]<\/font><\/small> \u2212 Define complex traffic shaping.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/tcrules<\/font><\/b> [13]<\/font><\/small> \u2212 Mark or classify traffic for traffic shaping or multiple providers. Deprecated in Shorewall 4.6.0 in favor of \/etc\/shorewall\/mangle. Not supported in Shorewall 5.0.0 and later releases.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/tcinterfaces<\/font><\/b> [25]<\/font><\/small> and<\/font> \/etc\/shorewall[6]\/tcpri<\/font><\/b> [26]<\/font><\/small> \u2212 Define simple traffic shaping.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/secmarks<\/font><\/b> [27]<\/font><\/small> \u2212 Added in Shorewall 4.4.13. Attach an SELinux context to selected packets.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/vardir<\/font><\/b> [28]<\/font><\/small> \u2212 Determines the directory where Shorewall maintains its state.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall\/arprules<\/font><\/b> [29]<\/font><\/small> \u2014 Added in Shorewall 4.5.12. Allows specification of arptables rules.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall\/mangle<\/font><\/b> [8]<\/font><\/small> \u2212\u2212 Added in Shorewall 4.6.0. Supersedes\/etc\/shorewall\/tcrules.<\/font><\/p>\n

\u2022<\/font> \/etc\/shorewall[6]\/snat<\/font><\/b> [30]<\/font><\/small> \u2212 directs the firewall where to use many\u2212to\u2212one (dynamic) Network Address Translation (a.k.a. Masquerading) and Source Network Address Translation (SNAT). Superseded \/etc\/shorewall[6]\/masq in Shorewall 5.0.14<\/font><\/p>\n

\u2022 \/usr\/share\/shorewall6\/actions.std \u2212 Actions defined by Shorewall.<\/font><\/p>\n

\u2022 \/usr\/share\/shorewall6\/action.mangletemplate \/usr\/share\/shorewall6\/action.template \u2212 Details of actions defined by Shorewall.<\/font><\/p>\n

\u2022 \/usr\/share\/shorewall6\/macro.mDNS \/usr\/share\/shorewall6\/macro.mDNSbi \/usr\/share\/shorewall6\/macro.Ping \/usr\/share\/shorewall6\/macro.Trcrt \u2212 Details of macros defined by Shorewall.<\/font><\/p>\n

\u2022 \/usr\/share\/shorewall[6]\/modules \u2014 Specifies the kernel modules to be loaded during shorewall start\/restart.<\/font><\/p>\n

\u2022 \/usr\/share\/shorewall6\/helpers \u2014 Added in Shorewall 4.4.7. Specifies the kernel modules to be loaded during shorewall start\/restart when LOAD_HELPERS_ONLY=Yes in shorewall.conf.<\/font><\/p>\n

CONFIG_PATH <\/a> <\/h2>\n

The CONFIG_PATH option in<\/font> shorewall[6].conf(5)<\/font><\/b> [20]<\/font><\/small> determines where the compiler searches for configuration files. The default setting is CONFIG_PATH=\/etc\/shorewall:\/usr\/share\/shorewall which means that the compiler first looks in \/etc\/shorewall and if it doesn’t find the file, it then looks in \/usr\/share\/shorewall.<\/font><\/p>\n

You can change this setting to have the compiler look in different places. For example, if you want to put your own versions of standard macros in \/etc\/shorewall\/Macros, then you could set CONFIG_PATH=\/etc\/shorewall:\/etc\/shorewall\/Macros:\/usr\/share\/shorewall and the compiler will use your versions rather than the standard ones.<\/font><\/p>\n

COMMENTS <\/a> <\/h2>\n

You may place comments in configuration files by making the first non\u2212whitespace character a pound sign (\u201c#\u201d). You may also place comments at the end of any line, again by delimiting the comment from the rest of the line with a pound sign.<\/font><\/p>\n

Example\u00a01.\u00a0Comments in a Configuration File<\/b><\/font><\/p>\n

# This is a comment
ACCEPT net $FW tcp www #This is an end\u2212of\u2212line comment<\/font><\/p>\n

Important<\/big><\/b>
Except in<\/font> shorewall.conf(5)<\/font><\/b> [1]<\/font><\/small> and<\/font> params(5)<\/font><\/b> [2]<\/font><\/small> , if a comment ends with a backslash (“”), the next line will also be treated as a comment. See Line Continuation below.<\/font><\/p>\n

BLANK LINES <\/a> <\/h2>\n

Most of the configuration files are organized into space\u2212separated columns. If you don’t want to supply a value in a column but want to supply a value in a following column, simply enter ‘\u2212’ to make the column appear empty.<\/font><\/p>\n

Example:<\/font><\/p>\n

#INTERFACE BROADCAST OPTIONS
br0 \u2212 routeback<\/font><\/p>\n

LINE CONTINUATION <\/a> <\/h2>\n

Lines may be continued using the usual backslash (\u201c\u201d) followed immediately by a new line character (Enter key).<\/font><\/p>\n

ACCEPT net $FW tcp \u21b5
smtp,www,pop3,imap #Services running on the firewall<\/font><\/p>\n

Important<\/big><\/b>
What follows does NOT apply to<\/font> shorewall\u2212params(5)<\/font><\/b> [31]<\/font><\/small> and<\/font> shorewall.conf(5)<\/font><\/b> [1]<\/font><\/small> .<\/font><\/p>\n

In certain cases, leading white space is ignored in continuation lines:<\/font><\/p>\n

1. The continued line ends with a colon (“:”)<\/font><\/p>\n

2. The continued line ends with a comma (“,”)<\/font><\/p>\n

Example (\/etc\/shorewall\/rules):<\/font><\/p>\n

#ACTION SOURCE DEST PROTO DPORT
ACCEPT net:
206.124.146.177,
206.124.146.178,
206.124.146.180
dmz tcp 873<\/font><\/p>\n

The leading white space on the first through third continuation lines is ignored so the SOURCE column effectively contains “net:206.124.146.177,206.124.147.178,206.124.146.180”. Because the third continuation line does not end with a comma or colon, the leading white space in the last line is not ignored.<\/font><\/p>\n

Important<\/big><\/b>
A trailing backslash is not ignored in a comment. So the continued rule above can be commented out with a single ‘#’ as follows:<\/font><\/p>\n

#ACTION SOURCE DEST PROTO DPORT
#<\/b>ACCEPT net:
206.124.146.177,
206.124.146.178,
206.124.146.180
dmz tcp 873<\/font><\/p>\n

ALTERNATIVE SPECIFICATION OF COLUMN VALUES <\/a> <\/h2>\n

Some of the configuration files now have a large number of columns. That makes it awkward to specify a value for one of the right\u2212most columns as you must have the correct number of intervening ‘\u2212’ columns.<\/font><\/p>\n

This problem is addressed by allowing column values to be specified as column\u2212name<\/i>\/value<\/i> pairs.<\/font><\/p>\n

There is considerable flexibility in how you specify the pairs:<\/font><\/p>\n

\u2022 At any point, you can enter a left curly bracket (‘{‘) followed by one or more specifications of the following forms:<\/font><\/p>\n

column\u2212name<\/i>=value
column\u2212name<\/i>=>value
column\u2212name<\/i>:value<\/i><\/font><\/p>\n

The pairs must be followed by a right curly bracket (“}”).<\/font><\/p>\n

The value may optionally be enclosed in double quotes.<\/font><\/p>\n

The pairs must be separated by white space, but you can add a comma adjacent to the values<\/i> for readability as in:<\/font><\/p>\n

{ proto=>udp, port=1024
}<\/b><\/font><\/p>\n

\u2022 You can also separate the pairs from columns by using a semicolon:<\/font><\/p>\n

; proto:udp,
port:1024<\/b><\/font><\/p>\n

In Shorewall 5.0.3, the sample configuration files and the man pages were updated to use the same column names in both the column headings and in the alternate specification format. The following table shows the column names for each of the table\u2212oriented configuration files.<\/font><\/p>\n

Note<\/big><\/b>
Column names are case\u2212insensitive<\/b>.<\/font><\/p>\n<\/table>\n

\"Image<\/font><\/p>\n

Example (rules file):<\/font><\/p>\n

#ACTION SOURCE DEST PROTO DPORT
DNAT net loc:10.0.0.1 tcp 80 ; mark=”88″<\/font><\/p>\n

Here’s the same line in several equivalent formats:<\/font><\/p>\n

{ action=>DNAT, source=>net, dest=>loc:10.0.0.1, proto=>tcp, dport=>80, mark=>88 }
; action:”DNAT” source:”net” dest:”loc:10.0.0.1″ proto:”tcp” dport:”80″ mark:”88″
DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }<\/font><\/p>\n

Beginning with Shorewall 5.0.11, ip[6]table comments can be attached to individual rules using the comment<\/b> keyword.<\/font><\/p>\n

Example from the rules file:<\/font><\/p>\n

ACCEPT net $FW { proto=tcp, dport=22, comment=”Accept “SSH”” }<\/font><\/p>\n

As shown in that example, when the comment contains whitespace, it must be enclosed in double quotes and any embedded double quotes must be escaped using a backslash (“”).<\/font><\/p>\n

TIME COLUMNS <\/a> <\/h2>\n

Several of the files include a TIME column that allows you to specify times when the rule is to be applied. Contents of this column is a list of timeelement<\/i>s separated by apersands (&).<\/font><\/p>\n

Each timeelement<\/i> is one of the following:<\/font><\/p>\n

timestart=hh<\/i>:mm<\/i>[:ss<\/i>]<\/font><\/p>\n

Defines the starting time of day.<\/font><\/p>\n

timestop=hh<\/i>:mm<\/i>[:ss<\/i>]<\/font><\/p>\n

Defines the ending time of day.<\/font><\/p>\n

contiguous<\/font><\/p>\n

Added in Shoreawll 5.0.12. When timestop<\/b> is smaller than timestart<\/b> value, match this as a single time period instead of distinct intervals. See the Examples below.<\/font><\/p>\n

utc<\/font><\/p>\n

Times are expressed in Greenwich Mean Time.<\/font><\/p>\n

localtz<\/font><\/p>\n

Deprecated by the Netfilter team in favor of kerneltz<\/b>. Times are expressed in Local Civil Time (default).<\/font><\/p>\n

kerneltz<\/font><\/p>\n

Added in Shorewall 4.5.2. Times are expressed in Local Kernel Time (requires iptables 1.4.12 or later).<\/font><\/p>\n

weekdays=ddd[,ddd]…<\/font><\/p>\n

where ddd<\/i> is one of Mon<\/b>, Tue<\/b>, Wed<\/b>, Thu<\/b>, Fri<\/b>, Sat<\/b> or Sun<\/b><\/font><\/p>\n

monthdays=dd[,dd],…<\/font><\/p>\n

where dd<\/i> is an ordinal day of the month<\/font><\/p>\n

datestart=yyyy<\/i>[\u2212mm<\/i>[\u2212dd<\/i>[T<\/b>hh<\/i>[:mm<\/i>[:ss<\/i>]]]]]<\/font><\/p>\n

Defines the starting date and time.<\/font><\/p>\n

datestop=yyyy<\/i>[\u2212mm<\/i>[\u2212dd<\/i>[T<\/b>hh<\/i>[:mm<\/i>[:ss<\/i>]]]]]<\/font><\/p>\n

Defines the ending date and time.<\/font><\/p>\n

Examples:<\/font><\/p>\n

To match on weekends, use:<\/font><\/p>\n

weekdays=Sat,Sun<\/font><\/p>\n

Or, to match (once) on a national holiday block:<\/font><\/p>\n

datestart=2016\u221212\u221224&datestop=2016\u221212\u221227<\/font><\/p>\n

Since the stop time is actually inclusive, you would need the following stop time to not match the first second of the new day:<\/font><\/p>\n

datestart=2016\u221212\u221224T17:00&datestop=2016\u221212\u221227T23:59:59<\/font><\/p>\n

During Lunch Hour<\/font><\/p>\n

The fourth Friday in the month:<\/font><\/p>\n

weekdays=Fri&monthdays=22,23,24,25,26,27,28<\/font><\/p>\n

Matching across days might not do what is expected. For instance,<\/font><\/p>\n

weekdays=Mon&timestart=23:00&timestop=01:00<\/font><\/p>\n

Will match Monday, for one hour from midnight to 1 a.m., and then again for another hour from 23:00 onwards. If this is unwanted, e.g. if you would like ‘match for two hours from Montay 23:00 onwards’ you need to also specify the contiguous<\/b> option in the example above.<\/font><\/p>\n

SWITCHES <\/a> <\/h2>\n

here are times when you would like to enable or disable one or more rules in the configuration without having to do a shorewall reload<\/b> or shorewall restart<\/b>. This may be accomplished using the SWITCH column in<\/font> shorewall\u2212rules<\/font><\/b> [32]<\/font><\/small> (5) or<\/font> shorewall6\u2212rules<\/font><\/b> [32]<\/font><\/small> (5). Using this column requires that your kernel and iptables include Condition Match Support and you must be running Shorewall 4.4.24 or later. See the output of shorewall show capabilities<\/b> and shorewall version<\/b> to determine if you can use this feature.<\/font><\/p>\n

The SWITCH column contains the name of a switch. Each switch is initially in the off<\/b> position. You can turn on the switch named switch1<\/i> by:<\/font><\/p>\n

echo 1 >
\/proc\/net\/nf_condition\/switch1<\/b><\/font><\/p>\n

You can turn it off again by:<\/font><\/p>\n

echo 0 >
\/proc\/net\/nf_condition\/switch1<\/b><\/font><\/p>\n

If you simply include the switch name in the SWITCH column, then the rule is enabled only when the switch is on<\/b>. If you precede the switch name with ! (e.g., !switch1), then the rule is enabled only when the switch is off<\/b>. Switch settings are retained over shorewall reload<\/b>.<\/font><\/p>\n

Shorewall requires that switch names:<\/font><\/p>\n

\u2022 begin with a letter and be composed of letters, digits, underscore (‘_’) or hyphen (‘\u2212’); and<\/font><\/p>\n

\u2022 be 30 characters or less in length.<\/font><\/p>\n

Multiple rules can be controlled by the same switch.<\/font><\/p>\n

Example:<\/font><\/p>\n

Forward port 80 to dmz host $BACKUP if switch ‘primary_down’ is on.<\/font><\/p>\n

#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH
DNAT net dmz:$BACKUP tcp 80 \u2212 \u2212 \u2212 \u2212 \u2212 \u2212 \u2212 \u2212 primary_down<\/b><\/font><\/p>\n

FILES <\/a> <\/h2>\n

\/etc\/shorewall[6]\/*<\/font><\/p>\n

NOTES <\/a> <\/h2>\n\n\n
<\/td>\n\n

1.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall\/shorewall.conf<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

and \/etc\/shorewall6\/shorewall6.conf
https:\/\/shorewall.org\/manpages\/shorewall.conf.html<\/font><\/p>\n\n\n
<\/td>\n\n

2.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/params<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-params.html<\/font><\/p>\n\n\n
<\/td>\n\n

3.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/zones<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-zones.html<\/font><\/p>\n\n\n
<\/td>\n\n

4.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/policy<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-policy.html<\/font><\/p>\n\n\n
<\/td>\n\n

5.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/interfaces<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-interfaces.html<\/font><\/p>\n\n\n
<\/td>\n\n

6.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/hosts<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-hosts.html<\/font><\/p>\n\n\n
<\/td>\n\n

7.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/masq<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-masq.html<\/font><\/p>\n\n\n
<\/td>\n\n

8.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/mangle<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-mangle.html<\/font><\/p>\n\n\n
<\/td>\n\n

9.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/rules<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-rules.html<\/font><\/p>\n\n\n
<\/td>\n\n

10.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/nat<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-nat.html<\/font><\/p>\n\n\n
<\/td>\n\n

11.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall6\/proxyarp<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-proxyarp.html<\/font><\/p>\n\n\n
<\/td>\n\n

12.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall6\/proxyndp<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-proxyndp.html<\/font><\/p>\n\n\n
<\/td>\n\n

13.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/tcrules<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-tcrules.html<\/font><\/p>\n\n\n
<\/td>\n\n

14.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/tos<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-tos.html<\/font><\/p>\n\n\n
<\/td>\n\n

15.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/tunnels<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-tunnels.html<\/font><\/p>\n\n\n
<\/td>\n\n

16.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/blacklist<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-blacklist.html<\/font><\/p>\n\n\n
<\/td>\n\n

17.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall\/ecn<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-ecn.html<\/font><\/p>\n\n\n
<\/td>\n\n

18.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall\/accounting<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-accounting.html<\/font><\/p>\n\n\n
<\/td>\n\n

19.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/actions<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-actions.html<\/font><\/p>\n\n\n
<\/td>\n\n

20.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/providers<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/???<\/font><\/p>\n\n\n
<\/td>\n\n

21.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/rtrules<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-rtrules.html<\/font><\/p>\n\n\n
<\/td>\n\n

22.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/tcdevices<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-tcdevices.html<\/font><\/p>\n\n\n
<\/td>\n\n

23.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/tcclasses<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-tcclasses.html<\/font><\/p>\n\n\n
<\/td>\n\n

24.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/tcfilters<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-tcfilters.html<\/font><\/p>\n\n\n
<\/td>\n\n

25.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/tcinterfaces<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-tcinterfaces.html<\/font><\/p>\n\n\n
<\/td>\n\n

26.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/tcpri<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-tcpri.html<\/font><\/p>\n\n\n
<\/td>\n\n

27.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/secmarks<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-secmarks.html<\/font><\/p>\n\n\n
<\/td>\n\n

28.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/vardir<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-vardir.html<\/font><\/p>\n\n\n
<\/td>\n\n

29.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall\/arprules<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-arprules.html<\/font><\/p>\n\n\n
<\/td>\n\n

30.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

\/etc\/shorewall[6]\/snat<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-snat.html<\/font><\/p>\n\n\n
<\/td>\n\n

31.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

shorewall-params(5)<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-params.html<\/font><\/p>\n\n\n
<\/td>\n\n

32.<\/font><\/p>\n<\/td>\n

<\/td>\n\n

shorewall-rules<\/font><\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

https:\/\/shorewall.org\/manpages\/shorewall-rules.html<\/font><\/p>\n

\n","protected":false},"excerpt":{"rendered":"

files \u2212 Shorewall Configuration Files <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[959],"tags":[961,1291,1552],"class_list":["post-4605","post","type-post","status-publish","format-standard","hentry","category-5-formatos-de-ficheros","tag-961","tag-man5","tag-shorewall-files"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=4605"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4605\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=4605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=4605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=4605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}