<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>shorewall-lite.conf</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="refentry" lang="en" xml:lang="en"><a id="id257171"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>shorewall-lite.conf — Shorewall Lite global configuration file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">/etc/shorewall-lite/shorewall-lite.conf</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257202"></a><h2>Description</h2><p>This file sets options that apply to Shorewall Lite as a whole.</p><p>The file consists of Shell comments (lines beginning with '#'), blank lines and assignment statements (<span class="emphasis"><em>variable</em></span>=<span class="emphasis"><em>value</em></span>). Each variable's setting is preceded by comments that describe the variable and it's effect.</p><p>Any option not specified in this file gets its value from the shorewall.conf file used during compilation of /var/lib/shorewall-lite/firewall. Those settings may be found in the file /var/lib/shorewall-lite/firewall.conf.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257228"></a><h2>OPTIONS</h2><p>The following options may be set in shorewall.conf.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>IPTABLES=</strong></span>[<span class="emphasis"><em>pathname</em></span>]</span></dt><dd><p>This parameter names the iptables executable to be used by Shorewall. If not specified or if specified as a null value, then the iptables executable located using the PATH option is used.</p></dd><dt><span class="term"><span class="bold"><strong>LOGFILE=</strong></span>[<span class="emphasis"><em>pathname</em></span>]</span></dt><dd><p>This parameter tells the /sbin/shorewall program where to look for Shorewall messages when processing the <span class="bold"><strong>dump</strong></span>, <span class="bold"><strong>logwatch</strong></span>, <span class="bold"><strong>show log</strong></span>, and <span class="bold"><strong>hits</strong></span> commands. If not assigned or if assigned an empty value, /var/log/messages is assumed.</p></dd><dt><span class="term"><span class="bold"><strong>LOGFORMAT=</strong></span>[<span class="bold"><strong>"</strong></span><span class="emphasis"><em>formattemplate</em></span><span class="bold"><strong>"</strong></span>]</span></dt><dd><p>The value of this variable generate the --log-prefix setting for Shorewall logging rules. It contains a “printf” formatting template which accepts three arguments (the chain name, logging rule number (optional) and the disposition). To use LOGFORMAT with fireparse, set it as:</p><pre class="programlisting"> LOGFORMAT="fp=%s:%d a=%s "</pre><p>If the LOGFORMAT value contains the substring “%d” then the logging rule number is calculated and formatted in that position; if that substring is not included then the rule number is not included. If not supplied or supplied as empty (LOGFORMAT="") then “Shorewall:%s:%s:” is assumed.</p></dd><dt><span class="term">PATH=[<span class="emphasis"><em>pathname</em></span>[<span class="bold"><strong>:</strong></span><span class="emphasis"><em>pathname</em></span>]...]</span></dt><dd><p>Determines the order in which Shorewall searches directories for executable files.</p></dd><dt><span class="term"><span class="bold"><strong>RESTOREFILE=</strong></span>[<span class="emphasis"><em>filename</em></span>]</span></dt><dd><p>Specifies the simple name of a file in /var/lib/shorewall to be used as the default restore script in the <span class="bold"><strong>shorewall save</strong></span>, <span class="bold"><strong>shorewall restore</strong></span>, <span class="bold"><strong>shorewall forget </strong></span>and <span class="bold"><strong>shorewall -f start</strong></span> commands.</p></dd><dt><span class="term"><span class="bold"><strong>SHOREWALL_SHELL=</strong></span>[<span class="emphasis"><em>pathname</em></span>]</span></dt><dd><p>This option is used to specify the shell program to be used to run the Shorewall compiler and to interpret the compiled script. If not specified or specified as a null value, /bin/sh is assumed. Using a light-weight shell such as ash or dash can significantly improve performance.</p></dd><dt><span class="term"><span class="bold"><strong>SUBSYSLOCK=</strong></span>[<span class="emphasis"><em>pathname</em></span>]</span></dt><dd><p>This parameter should be set to the name of a file that the firewall should create if it starts successfully and remove when it stops. Creating and removing this file allows Shorewall to work with your distribution's initscripts. For RedHat, this should be set to /var/lock/subsys/shorewall. For Debian, the value is /var/state/shorewall and in LEAF it is /var/run/shorwall.</p></dd><dt><span class="term">VERBOSITY=[<span class="bold"><strong>number</strong></span>]</span></dt><dd><p>Shorewall has traditionally been very noisy (produced lots of output). You may set the default level of verbosity using the VERBOSITY OPTION.</p><p>Values are:</p><table class="simplelist" border="0" summary="Simple list"><tr><td>0 - Silent. You may make it more verbose using the -v option</td></tr><tr><td>1 - Major progress messages displayed</td></tr><tr><td>2 - All progress messages displayed (old default behavior)</td></tr></table><p>If not specified, then 2 is assumed.</p></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257509"></a><h2>FILES</h2><p>/etc/shorewall-lite/shorewall.conf</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257519"></a><h2>See ALSO</h2><p><a class="ulink" href="http://www.shorewall.net/Documentation_Index.html" target="_self">http://www.shorewall.net/Documentation_Index.html</a></p><p>shorewall-lite(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</p></div></div></body></html>