Provided by: shorewall_4.4.26.1-1_all bug

NAME

       route_rules - Shorewall Routing Rules file

SYNOPSIS

       /etc/shorewall/route_rules

DESCRIPTION

       Entries in this file cause traffic to be routed to one of the providers listed in
       shorewall-providers[1](5).

       The columns in the file are as follows.

       SOURCE (Optional) - {-|interface|address|interface:address}
           An ip address (network or host) that matches the source IP address in a packet. May
           also be specified as an interface name optionally followed by ":" and an address. If
           the device lo is specified, the packet must originate from the firewall itself.

       DEST (Optional) - {-|address}
           An ip address (network or host) that matches the destination IP address in a packet.

           If you choose to omit either SOURCE or DEST, place "-" in that column. Note that you
           may not omit both SOURCE and DEST.

       PROVIDER - {provider-name|provider-number|main}
           The provider to route the traffic through. May be expressed either as the provider
           name or the provider number. May also be main or 254 for the main routing table. This
           can be used in combination with VPN tunnels, see example 2 below.

       PRIORITY - priority
           The rule's numeric priority which determines the order in which the rules are
           processed. Rules with equal priority are applied in the order in which they appear in
           the file.

           1000-1999
               Before Shorewall-generated 'MARK' rules

           11000-11999
               After 'MARK' rules but before Shorewall-generated rules for ISP interfaces.

           26000-26999
               After ISP interface rules but before 'default' rule.

       MARK - {-|mark[/mask]}
           Optional -- added in Shorewall 4.4.25. For this rule to be applied to a packet, the
           packet's mark value must match the mark when logically anded with the mask. If a mask
           is not supplied, Shorewall supplies a suitable provider mask.

EXAMPLES

       Example 1:
           You want all traffic coming in on eth1 to be routed to the ISP1 provider.

                       #SOURCE                 DEST            PROVIDER        PRIORITY      MASK
                       eth1                    -               ISP1            1000

       Example 2:
           You use OpenVPN (routed setup /tunX) in combination with multiple providers. In this
           case you have to set up a rule to ensure that the OpenVPN traffic is routed back
           through the tunX interface(s) rather than through any of the providers. 10.8.0.0/24 is
           the subnet chosen in your OpenVPN configuration (server 10.8.0.0 255.255.255.0).

                        #SOURCE                 DEST            PROVIDER        PRIORITY     MASK
                        -                       10.8.0.0/24     main            1000

FILES

       /etc/shorewall/route_rules

SEE ALSO

       http://shorewall.net/MultiISP.html

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5),
       shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5),
       shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES

        1. shorewall-providers
           http://www.shorewall.net/manpages/shorewall-providers.html

[FIXME: source]                             12/13/2011                     SHOREWALL-ROUTE_RUL(5)