Provided by: shorewall-common_4.0.15-1_all


       route_rules - Shorewall Routing Rules file




       Entries in this file cause traffic to be routed to one of the providers
       listed in shorewall-providers[1](5).

       The columns in the file are as follows.

       SOURCE (Optional) - {-|interface|address|interface:address}
           An IP address (network or host) that matches the source IP address
           in a packet. May also be specified as an interface name optionally
           followed by ":" and an address. If the device lo is specified, the
           packet must originate from the firewall itself.

       DEST (Optional) - {-|address}
           An IP address (network or host) that matches the destination IP
           address in a packet.

           If you choose to omit either SOURCE or DEST, place "-" in that
           column. Note that you may not omit both SOURCE and DEST.

       PROVIDER - {provider-name|provider-number|main}
           The provider to route the traffic through. May be expressed either
           as the provider name or the provider number. May also be main or
           254 for the main routing table, which can be used in combination
           with VPN tunnels; see Example 2 below.

       PRIORITY - priority
           The rule's numeric priority, which determines the order in which
           the rules are processed. Rules with equal priority are applied in
           the order in which they appear in the file.

               Before Shorewall-generated 'MARK' rules

               After 'MARK' rules but before Shorewall-generated rules for ISP

               After ISP interface rules but before 'default' rule.


       Example 1:
           You want all traffic coming in on eth1 to be routed to the ISP1

                       #SOURCE                 DEST            PROVIDER        PRIORITY
                       eth1                    -               ISP1            1000

       Example 2:
           You use OpenVPN (routed setup /tunX) in combination with multiple
           providers. In this case you have to set up a rule to ensure that
           the OpenVPN traffic is routed back through the tunX interface(s)
           rather than through any of the providers. is the subnet
           chosen in your OpenVPN configuration (server

                        #SOURCE                 DEST            PROVIDER        PRIORITY
                        -                  main            1000
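
       The column rules above, as an added example (not part of the Shorewall
       documentation or code): a small Python linter that rejects entries
       omitting both SOURCE and DEST, lists the rest in processing order, and
       prints an approximate iproute2 form for comparison with "ip rule show".
       The sample entries, the ISP2 and 2 providers, and the mapping to ip
       rule syntax are assumptions.

```python
# Added example: lint a Shorewall route_rules file and list entries in processing order.
SAMPLE = """\
#SOURCE            DEST            PROVIDER   PRIORITY
eth1               -               ISP1       1000
-                  192.0.2.0/24    main       1000
lo                 -               ISP2       900
-                  -               ISP1       1100
eth2:10.1.1.0/24   198.51.100.7    2          abc
"""  # constructed sample; addresses and provider names are placeholders

def parse_route_rules(text):
    """Return (rules sorted into processing order, list of (line, error))."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and the header row
        if not line:
            continue
        cols = line.split()
        if len(cols) != 4:
            errors.append((lineno, "expected SOURCE DEST PROVIDER PRIORITY"))
        elif cols[0] == "-" and cols[1] == "-":
            errors.append((lineno, "SOURCE and DEST may not both be omitted"))
        elif not cols[3].isdigit():
            errors.append((lineno, "PRIORITY must be numeric"))
        else:
            rules.append({"line": lineno, "source": cols[0], "dest": cols[1],
                          "provider": cols[2], "priority": int(cols[3])})
    # Lower priority numbers are evaluated first; sorted() is stable, so
    # entries with equal priority keep their order in the file.
    return sorted(rules, key=lambda r: r["priority"]), errors

def ip_rule(rule):
    """Approximate iproute2 form of one entry (assumed mapping, for review only)."""
    cmd = ["ip", "rule", "add"]
    if rule["source"] != "-":
        iface, _, addr = rule["source"].partition(":")
        if iface[0].isdigit():          # assumption: addresses start with a digit
            cmd += ["from", iface]
        else:
            cmd += ["iif", iface] + (["from", addr] if addr else [])
    if rule["dest"] != "-":
        cmd += ["to", rule["dest"]]
    return " ".join(cmd + ["priority", str(rule["priority"]), "table", rule["provider"]])

if __name__ == "__main__":
    ordered, problems = parse_route_rules(SAMPLE)
    for r in ordered:
        print(f"line {r['line']}: {ip_rule(r)}")
    for lineno, msg in problems:
        print(f"line {lineno}: ERROR {msg}")
```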




       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)


        1. shorewall-providers

                                  12/15/2008            SHOREWALL-ROUTE_RUL(5)