Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   17783 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SHOREWALL-ROUTESTOP(5)		[FIXME: manual]		SHOREWALL-ROUTESTOP(5)

NAME
       routestopped - The Shorewall file that governs what traffic flows
       through the firewall while it is in the 'stopped' state.

SYNOPSIS
       /etc/shorewall/routestopped

DESCRIPTION
       This file is deprecated in favor of the shorewall-stoppedrules[1](5)
       file.

       This file is used to define the hosts that are accessible when the
       firewall is stopped or is being stopped.

	   Warning
	   Changes to this file do not take effect until after the next
	   shorewall start or shorewall restart command.

       The columns in the file are as follows (where the column name is
       followed by a different name in parentheses, the different name is used
       in the alternate specification syntax).

       INTERFACE - interface
	   Interface through which host(s) communicate with the firewall

       HOST(S) (hosts) - [-|address[,address]...]
	   Optional. Comma-separated list of IP/subnet addresses. If your
	   kernel and iptables include iprange match support, IP address
	   ranges are also allowed.

	   If left empty or supplied as "-", 0.0.0.0/0 is assumed.

       OPTIONS - [-|option[,option]...]
	   Optional. A comma-separated list of options. The order of the
	   options is not important but the list can contain no embedded
	   white-space. The currently-supported options are:

	   routeback
	       Set up a rule to ACCEPT traffic from these hosts back to
	       themselves. Beginning with Shorewall 4.4.9, this option is
	       automatically set if routeback is specified in
	       shorewall-interfaces[2] (5) or if the rules compiler detects
	       that the interface is a bridge.

	   source
	       Allow traffic from these hosts to ANY destination. Without this
	       option or the dest option, only traffic from this host to other
	       listed hosts (and the firewall) is allowed. If source is
	       specified then routeback is redundant.

	   dest
	       Allow traffic to these hosts from ANY source. Without this
	       option or the source option, only traffic from this host to
	       other listed hosts (and the firewall) is allowed. If dest is
	       specified then routeback is redundant.

	   notrack
	       The traffic will be exempted from connection tracking.

       PROTO (Optional) – protocol-name-or-number
	   Protocol.

       DEST PORT(S) (dport) – service-name/port-number-list
	   Optional. A comma-separated list of port numbers and/or service
	   names from /etc/services. May also include port ranges of the form
	   low-port:high-port if your kernel and iptables include port range
	   support.

       SOURCE PORT(S) (sport) – service-name/port-number-list
	   Optional. A comma-separated list of port numbers and/or service
	   names from /etc/services. May also include port ranges of the form
	   low-port:high-port if your kernel and iptables include port range
	   support.

	   Beginning with Shorewall 4.5.15, you may place '=' in this column,
	   provided that the DEST PORT(S) column is non-empty. This causes the
	   rule to match when either the source port or the destination port
	   in a packet matches one of the ports specified in DEST PORTS(S).
	   Use of '=' requires multi-port match in your iptables and kernel.

	   Note
	   The source and dest options work best when used in conjunction with
	   ADMINISABSENTMINDED=Yes in shorewall.conf[3](5).

EXAMPLE
       Example 1:

		       #INTERFACE      HOST(S)		       OPTIONS	       PROTO	      DEST	 SOURCE
		       #								      PORT(S)	 PORT(S)
		       eth2	       192.168.1.0/24
		       eth0	       192.0.2.44
		       br0	       -		       routeback
		       eth3	       -		       source
		       eth4	       -		       notrack	      41

FILES
       /etc/shorewall/routestopped

SEE ALSO
       http://shorewall.net/starting_and_stopping_shorewall.htm

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-rtrules(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
       shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES
	1. shorewall-stoppedrules
	   http://www.shorewall.net/manpages/shorewall-stoppedrules.html

	2. shorewall-interfaces
	   http://www.shorewall.net/manpages/shorewall-interfaces.html

	3. shorewall.conf
	   http://www.shorewall.net/manpages/shorewall.conf.html

[FIXME: source]			  12/19/2013		SHOREWALL-ROUTESTOP(5)

Vote for polarhome