Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shorewall-rtrules(5) [debian man page]

SHOREWALL-RTRULES(5)						  [FIXME: manual]					      SHOREWALL-RTRULES(5)

NAME
rtrules - Shorewall Routing Rules file SYNOPSIS
/etc/shorewall/rtrules DESCRIPTION
Entries in this file cause traffic to be routed to one of the providers listed in shorewall-providers[1](5). The columns in the file are as follows. SOURCE (Optional) - {-|[&]interface|address|interface:address} An ip address (network or host) that matches the source IP address in a packet. May also be specified as an interface name optionally followed by ":" and an address. If the device lo is specified, the packet must originate from the firewall itself. Beginning with Shorewall 4.5.0, you may specify &interface in this column to indicate that the source is the primary IP address of the named interface. DEST (Optional) - {-|address} An ip address (network or host) that matches the destination IP address in a packet. If you choose to omit either SOURCE or DEST, place "-" in that column. Note that you may not omit both SOURCE and DEST. PROVIDER - {provider-name|provider-number|main} The provider to route the traffic through. May be expressed either as the provider name or the provider number. May also be main or 254 for the main routing table. This can be used in combination with VPN tunnels, see example 2 below. PRIORITY - priority The rule's numeric priority which determines the order in which the rules are processed. Rules with equal priority are applied in the order in which they appear in the file. 1000-1999 Before Shorewall-generated 'MARK' rules 11000-11999 After 'MARK' rules but before Shorewall-generated rules for ISP interfaces. 26000-26999 After ISP interface rules but before 'default' rule. MARK - {-|mark[/mask]} Optional -- added in Shorewall 4.4.25. For this rule to be applied to a packet, the packet's mark value must match the mark when logically anded with the mask. If a mask is not supplied, Shorewall supplies a suitable provider mask. EXAMPLES
Example 1: You want all traffic coming in on eth1 to be routed to the ISP1 provider. #SOURCE DEST PROVIDER PRIORITY MASK eth1 - ISP1 1000 Example 2: You use OpenVPN (routed setup /tunX) in combination with multiple providers. In this case you have to set up a rule to ensure that the OpenVPN traffic is routed back through the tunX interface(s) rather than through any of the providers. 10.8.0.0/24 is the subnet chosen in your OpenVPN configuration (server 10.8.0.0 255.255.255.0). #SOURCE DEST PROVIDER PRIORITY MASK - 10.8.0.0/24 main 1000 FILES
/etc/shorewall/rtrules SEE ALSO
http://shorewall.net/MultiISP.html http://shorewall.net/configuration_file_basics.htm#Pairs shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) NOTES
1. shorewall-providers http://www.shorewall.net/manpages/shorewall-providers.html [FIXME: source] 06/28/2012 SHOREWALL-RTRULES(5)

Check Out this Related Man Page

SHOREWALL-PARAMS(5)						  [FIXME: manual]					       SHOREWALL-PARAMS(5)

NAME
params - Shorewall parameters file SYNOPSIS
/etc/shorewall/params DESCRIPTION
Assign any shell variables that you need in this file. The file is always processed by /bin/sh or by the shell specified through SHOREWALL_SHELL in shorewall.conf[1] (5) so the full range of shell capabilities may be used. It is suggested that variable names begin with an upper case letter to distinguish them from variables used internally within the Shorewall programs The following variable names must be avoided. Those in bold font must be avoided in all Shorewall versions; those in regular font must be avoided in versions prior to 4.4.8. Any option from shorewall.conf[1] (5) COMMAND CONFDIR DEBUG ECHO_E ECHO_N EXPORT FAST FILEMODE HOSTNAME IPT_OPTIONS NOROUTES PREVIEW PRODUCT PROFILE PURGE RECOVERING RESTOREPATH RING_BELL SHAREDIR Any name beginning with SHOREWALL_ or SW_ STOPPING TEST TIMESTAMP USE_VERBOSITY VARDIR VERBOSE VERBOSE_OFFSET VERSION Example params file: NET_IF=eth0 NET_BCAST=130.252.100.255 NET_OPTIONS=routefilter,norfc1918 Example shorewall-interfaces[2](5) file. ZONE INTERFACE BROADCAST OPTIONS net $NET_IF $NET_BCAST $NET_OPTIONS This is the same as if the interfaces file had contained: ZONE INTERFACE BROADCAST OPTIONS net eth0 130.252.100.255 routefilter,norfc1918 FILES
/etc/shorewall/params SEE ALSO
http://www.shorewall.net/configuration_file_basics.htm#Variables[3] shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) NOTES
1. shorewall.conf http://www.shorewall.net/manpages/shorewall.conf.html 2. shorewall-interfaces http://www.shorewall.net/manpages/shorewall-interfaces.html 3. http://www.shorewall.net/configuration_file_basics.htm#Variables http://www.shorewall.net/configuration_file_basics.htm#Variables? [FIXME: source] 06/28/2012 SHOREWALL-PARAMS(5)
Man Page

Featured Tech Videos