Provided by: shorewall-lite_4.0.6-1_all


       shorewall-lite.conf - Shorewall Lite global configuration file




       This file sets options that apply to Shorewall Lite as a whole.

       The  file  consists of Shell comments (lines beginning with ’#’), blank
       lines  and  assignment  statements  (variable=value).  Each  variable’s
       setting  is  preceded  by  comments that describe the variable and its

       Any option not specified in this file gets its value from the
       shorewall.conf file used during compilation of
       /var/lib/shorewall-lite/firewall. Those settings may be found in the file


       The following options may be set in shorewall.conf.

              This  parameter  names  the  iptables  executable  to be used by
              Shorewall. If not specified or if specified  as  a  null  value,
              then  the  iptables  executable located using the PATH option is

              This parameter tells the /sbin/shorewall program where  to  look
              for  Shorewall messages when processing the dump, logwatch, show
              log, and hits commands.  If not assigned or if assigned an empty
              value, /var/log/messages is assumed.

              The value of this variable generates the --log-prefix setting for
              Shorewall logging  rules.  It  contains  a  “printf”  formatting
              template  which accepts three arguments (the chain name, logging
              rule number (optional) and the disposition).  To  use  LOGFORMAT
              with fireparse, set it as:

                  LOGFORMAT="fp=%s:%d a=%s "

              If  the  LOGFORMAT  value  contains  the substring “%d” then the
              logging  rule  number  is  calculated  and  formatted  in   that
              position; if that substring is not included then the rule number
              is  not  included.   If  not  supplied  or  supplied  as   empty
              (LOGFORMAT="") then “Shorewall:%s:%s:” is assumed.
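The LOGFORMAT template described above can be rendered and also inverted to recover the chain, rule number and disposition from a logged line. The following is an added example, not part of Shorewall or of the original page: the function names are hypothetical, the sample log lines are constructed, and the 29-character limit is the iptables LOG target's limit on --log-prefix.

```python
import re

DEFAULT_LOGFORMAT = "Shorewall:%s:%s:"  # default given in the text above
MAX_LOG_PREFIX = 29  # iptables LOG target limit on --log-prefix length

def effective_format(logformat):
    # Unset or empty LOGFORMAT falls back to the documented default.
    return logformat or DEFAULT_LOGFORMAT

def render_prefix(logformat, chain, rule_number, disposition):
    # Arguments are chain, rule number (only if %d is present), disposition.
    fmt = effective_format(logformat)
    args = (chain, rule_number, disposition) if "%d" in fmt else (chain, disposition)
    prefix = fmt % args
    if len(prefix) > MAX_LOG_PREFIX:
        raise ValueError("log prefix exceeds %d characters: %r" % (MAX_LOG_PREFIX, prefix))
    return prefix

def prefix_regex(logformat):
    # Turn the printf template into a regex with named groups.
    names = iter(("chain", "disposition"))
    parts = []
    for token in re.split(r"(%s|%d)", effective_format(logformat)):
        if token == "%s":
            parts.append(r"(?P<%s>[^\s:=]+)" % next(names))
        elif token == "%d":
            parts.append(r"(?P<rule>\d+)")
        else:
            parts.append(re.escape(token))
    return re.compile("".join(parts))

def parse_line(logformat, line):
    # Return chain, rule number (None when the format has no %d) and disposition.
    m = prefix_regex(logformat).search(line)
    if m is None:
        return None
    fields = m.groupdict()
    rule = fields.get("rule")
    return {"chain": fields["chain"], "rule": int(rule) if rule else None,
            "disposition": fields["disposition"]}

# Constructed sample kernel log lines (addresses from documentation ranges).
SAMPLES = [
    ("", "Nov 23 10:15:01 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=22"),
    ("fp=%s:%d a=%s ", "Nov 23 10:15:02 gw kernel: fp=net2fw:3 a=DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=22"),
]

if __name__ == "__main__":
    for fmt, line in SAMPLES:
        print(parse_line(fmt, line))
```

A log parser must be built from the same LOGFORMAT the firewall was compiled with; a line written under one format does not match the regex derived from another.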

              Determines the order in which Shorewall searches directories for
              executable files.

              Specifies the simple name of a file in /var/lib/shorewall to  be
              used  as  the  default  restore  script  in  the shorewall save,
              shorewall restore,  shorewall  forget  and  shorewall  -f  start

              This  option  is used to specify the shell program to be used to
              run the Shorewall compiler and to interpret the compiled script.
              If  not  specified  or  specified  as  a  null value, /bin/sh is
              assumed.  Using a light-weight shell such as  ash  or  dash  can
              significantly improve performance.

              This  parameter  should  be  set  to the name of a file that the
              firewall should create if it starts successfully and remove when
              it  stops.  Creating  and removing this file allows Shorewall to
              work with your  distribution’s  initscripts.  For  RedHat,  this
              should  be  set  to  /var/lock/subsys/shorewall. For Debian, the
              value   is   /var/state/shorewall   and   in    LEAF    it    is

              Shorewall  has  traditionally  been very noisy (produced lots of
              output). You may set the default level of  verbosity  using  the
              VERBOSITY option.

              Values are:

              0 — Silent. You may make it more verbose using the -v option
              1 — Major progress messages displayed
              2 — All progress messages displayed (old default behavior)

              If not specified, then 2 is assumed.



SEE ALSO
       shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
       shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

                               23 November 2007         shorewall-lite.conf(5)