Provided by:
shorewall-common_4.0.12-1_all 
NAME
routestopped - The Shorewall file that governs what traffic flows
through the firewall while it is in ’stopped’ state.
SYNOPSIS
/etc/shorewall/routestopped
DESCRIPTION
This file is used to define the hosts that are accessible when the
firewall is stopped or is being stopped. When shorewall-shell is being
used, the file also determines those hosts that are accessible when the
firewall is in the process of being [re]started.
The columns in the file are as follows.
INTERFACE — interface
Interface through which host(s) communicate with the firewall
HOST(S) (Optional) — [-|address[,address]...]
Comma-separated list of IP/subnet addresses. If your kernel and
iptables include iprange match support, IP address ranges are
also allowed.
If left empty or supplied as "-", 0.0.0.0/0 is assumed.
OPTIONS (Optional) — [-|option[,option]...]
A comma-separated list of options. The order of the options is
not important but the list can contain no embedded whitespace.
The currently-supported options are:
routeback
Set up a rule to ACCEPT traffic from these hosts back to
themselves.
source Allow traffic from these hosts to ANY destination.
Without this option or the dest option, only traffic from
this host to other listed hosts (and the firewall) is
allowed. If source is specified then routeback is
redundant.
dest Allow traffic to these hosts from ANY source. Without
this option or the source option, only traffic from this
host to other listed hosts (and the firewall) is allowed.
If dest is specified then routeback is redundant.
critical
Allow traffic between the firewall and these hosts
throughout ’[re]start’, ’stop’ and ’clear’. Specifying
critical on one or more entries will cause your firewall
to be "totally open" for a brief window during each of
those operations. Examples of where you might want to use
this are:
· ’Ping’ nodes with heartbeat.
· LDAP server(s) if you use LDAP Authentication
· NFS Server if you have an NFS-mounted root filesystem.
Note
The source and dest options work best when used in conjunction
with ADMINISABSENTMINDED=Yes in shorewall.conf
〈shorewall.conf.html〉 (5).
EXAMPLE
Example 1:
#INTERFACE HOST(S) OPTIONS
eth2 192.168.1.0/24
eth0 192.0.2.44
br0 - routeback
eth3 - source
FILES
/etc/shorewall/routestopped
SEE ALSO
〈http://shorewall.net/starting_and_stopping_shorewall.htm〉
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-
ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5), shorewall-
route_rules(5), shorewall-rules(5), shorewall.conf(5), shorewall-
tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-
tos(5), shorewall-tunnels(5), shorewall-zones(5)
24 June 2008 shorewall-routestopped(5)