Provided by: shorewall6-lite_4.2.10-1_all
shorewall6-lite.conf - Shorewall6 Lite global configuration file
This file sets options that apply to Shorewall6 Lite as a whole.
The file consists of Shell comments (lines beginning with ´#´), blank
lines and assignment statements (variable=value). Each variable´s
setting is preceded by comments that describe the variable and it´s
Any option not specified in this file gets its value from the
shorewall6.conf file used during compilation of
/var/lib/shorewall6-lite/firewall. Those settings may be found in the
The following options may be set in shorewall6.conf.
This parameter names the ip6tables executable to be used by
Shorewall6. If not specified or if specified as a null value, then
the ip6tables executable located using the PATH option is used.
This parameter tells the /sbin/shorewall6 program where to look for
Shorewall6 messages when processing the dump, logwatch, show log,
and hits commands. If not assigned or if assigned an empty value,
/var/log/messages is assumed.
The value of this variable generate the --log-prefix setting for
Shorewall6 logging rules. It contains a “printf” formatting
template which accepts three arguments (the chain name, logging
rule number (optional) and the disposition). To use LOGFORMAT with
fireparse, set it as:
LOGFORMAT="fp=%s:%d a=%s "
If the LOGFORMAT value contains the substring “%d” then the logging
rule number is calculated and formatted in that position; if that
substring is not included then the rule number is not included. If
not supplied or supplied as empty (LOGFORMAT="") then
“Shorewall6:%s:%s:” is assumed.
Determines the order in which Shorewall6 searches directories for
Specifies the simple name of a file in /var/lib/shorewall6 to be
used as the default restore script in the shorewall6 save,
shorewall6 restore, shorewall6 forget and shorewall6 -f start
This option is used to specify the shell program to be used to
interpret the compiled script. If not specified or specified as a
null value, /bin/sh is assumed. Using a light-weight shell such as
ash or dash can significantly improve performance.
This parameter should be set to the name of a file that the
firewall should create if it starts successfully and remove when it
stops. Creating and removing this file allows Shorewall6 to work
with your distribution´s initscripts. For RedHat, this should be
set to /var/lock/subsys/shorewall6. For Debian, the value is
/var/state/shorewall6 and in LEAF it is /var/run/shorwall.
Shorewall6 has traditionally been very noisy (produced lots of
output). You may set the default level of verbosity using the
0 - Silent. You may make it more verbose using the -v
1 - Major progress messages displayed
2 - All progress messages displayed (old default
behavior) If not specified, then 2 is assumed.
shorewall6-lite(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-ipsec(5), shorewall6-maclist(5), shorewall6-masq(5),
shorewall6-nat(5), shorewall6-netmap(5), shorewall6-params(5),
shorewall6-policy(5), shorewall6-providers(5), shorewall6-proxyarp(5),
shorewall6-rules(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),