Provided by: shorewall-common_4.0.6-1_all


       route_rules - Shorewall Routing Rules file




       Entries in this file cause traffic to be routed to one of the providers
       listed in shorewall-providers 〈shorewall-providers.html〉 (5).

       The columns in the file are as follows.

       SOURCE (Optional) — {-|interface|address|interface:address}
              An IP address (network or host) that matches the source IP
              address in a packet. May also be specified as an interface name,
              optionally followed by ":" and an address. If the device lo is
              specified, the packet must originate from the firewall itself.

       DEST (Optional) — {-|address}
              An IP address (network or host) that matches the destination IP
              address in a packet.

              If you choose to omit either SOURCE or DEST, place "-"  in  that
              column. Note that you may not omit both SOURCE and DEST.

       PROVIDER — {provider-name|provider-number|main}
              The provider to route the traffic through. May be expressed
              either as the provider name or the provider number. May also be
              main or 254 for the main routing table. This can be used in
              combination with VPN tunnels; see Example 2 below.

       PRIORITY — priority
              The rule’s numeric priority which determines the order in  which
              the  rules  are processed. Rules with equal priority are applied
              in the order in which they appear in the file.

                     Before Shorewall-generated ’MARK’ rules

                     After ’MARK’ rules but before  Shorewall-generated  rules
                     for ISP interfaces.

                     After ISP interface rules but before ’default’ rule.


       Example 1:
              You  want all traffic coming in on eth1 to be routed to the ISP1

                      #SOURCE                 DEST            PROVIDER        PRIORITY
                      eth1                    -               ISP1            1000

       Example 2:
              You  use  OpenVPN  (routed  setup  /tunX)  in  combination  with
              multiple  providers.  In  this case you have to set up a rule to
              ensure that the OpenVPN traffic is routed back through the  tunX
              interface(s)   rather   than   through  any  of  the  providers.
     is the subnet chosen in your  OpenVPN  configuration

                       #SOURCE                 DEST            PROVIDER        PRIORITY
                       -                  main            1000
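
       A pre-deployment check for entries in this file, written in Python as
       an added example (it is not part of Shorewall or of this manual page).
       It enforces the column rules described above and returns the valid
       entries in processing order. Assumptions: IPv4 only; the providers set
       stands for the names and numbers defined in shorewall-providers(5); the
       function names and sample rows are constructed for illustration.

```python
import ipaddress
# Constructed sample file; addresses use the 192.0.2.0/24 documentation range.
SAMPLE = """\
#SOURCE          DEST           PROVIDER  PRIORITY
eth1             -              ISP1      1000
-                192.0.2.0/24   main      1000
eth2:192.0.2.7   -              2         900
-                -              ISP1      1000
lo               eth0           ISP3      abc
"""

def is_address(text):  # IPv4 host or network, e.g. 192.0.2.0/24
    try:
        ipaddress.IPv4Network(text, strict=False)
        return True
    except ValueError:
        return False

def check_rule(fields, providers):
    """Return the problems found in one entry; an empty list means it is valid."""
    if len(fields) != 4:
        return ["expected 4 columns, found %d" % len(fields)]
    source, dest, provider, priority = fields
    problems = []
    if source == "-" and dest == "-":
        problems.append("SOURCE and DEST may not both be omitted")
    iface, colon, addr = source.partition(":")
    if colon and not (iface and is_address(addr)):
        problems.append("SOURCE must be interface:address")
    if dest != "-" and not is_address(dest):
        problems.append("DEST must be an address")
    if provider not in providers | {"main", "254"}:
        problems.append("unknown PROVIDER " + provider)
    if not priority.isdecimal():
        problems.append("PRIORITY must be numeric")
    return problems

def load_rules(text, providers):
    """Return (valid rules by priority, errors); the stable sort keeps file order on ties."""
    rules, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        problems = check_rule(fields, providers)
        errors.extend((lineno, p) for p in problems)
        if not problems:
            rules.append(tuple(fields[:3]) + (int(fields[3]),))
    return sorted(rules, key=lambda r: r[3]), errors
```

       Call load_rules(SAMPLE, {"ISP1", "1", "ISP2", "2"}) to get the ordered
       rules and a list of (line number, problem) pairs for rejected entries.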



SEE ALSO
       shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

                               23 November 2007       shorewall-route_rules(5)