AndrzejL

Shorewall 24 May 2013 Internet Connection Sharing Config #1

May 24th, 2013
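  1. WAN interface wlp11s2 (192.168.1.50) shares its internet connection via LAN device enp2s0 (192.168.0.1). All connections to port 113 are blocked (the rule below is a DROP, so they are discarded silently rather than actively rejected), and port 50505 is allowed on TCP.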
  2.  
  3. [andrzejl@icsserver ~]$ cat /etc/shorewall/*
  4. #
  5. # Shorewall version 4 - Accounting File
  6. #
  7. # For information about entries in this file, type "man shorewall-accounting"
  8. #
  9. # Please see http://shorewall.net/Accounting.html for examples and
  10. # additional information about how to use this file.
  11. #
  12. #################################################################################################################
  13. #ACTION CHAIN SOURCE DESTINATION PROTO DEST SOURCE USER/ MARK IPSEC
  14. # PORT(S) PORT(S) GROUP
  15. #
  16. # Shorewall version 4 - Actions File
  17. #
  18. # /etc/shorewall/actions
  19. #
  20. # For information about entries in this file, type "man shorewall-actions"
  21. #
  22. # Please see http://shorewall.net/Actions.html for additional information.
  23. #
  24. ########################################################################################
  25. #ACTION OPTIONS COMMENT (place '# ' below the 'C' in comment followed by
  26. # v a comment describing the action)
  27. #
  28. # Shorewall version 4 - arprules File
  29. #
  30. # For information about entries in this file, type "man shorewall-arprules"
  31. #
  32. ##############################################################################################################
  33. #ACTION SOURCE DEST ARP
  34. # OPCODE
  35. #
  36. # Shorewall version 4 - Blacklist Rules File
  37. #
  38. # For information about entries in this file, type "man shorewall-blrules"
  39. #
  40. # Please see http://shorewall.net/blacklisting_support.htm for additional
  41. # information.
  42. #
  43. ###################################################################################################################################################################################################
  44. #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
  45. # PORT PORT(S) DEST LIMIT GROUP
  46.  
  47. #
  48. # Shorewall version 4 - clear File
  49. #
  50. # /etc/shorewall/clear
  51. #
  52. # Add commands below that you want to be executed after Shorewall
  53. # has processed the 'clear' command.
  54. #
  55. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  56. # information.
  57. #
  58. ###############################################################################
  59. #
  60. # Shorewall version 4 - conntrack File
  61. #
  62. # For information about entries in this file, type "man shorewall-conntrack"
  63. #
  64. ##############################################################################################################
  65. ?FORMAT 3
  66. #ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH
  67. # PORT(S) PORT(S) GROUP
      # Associates connection-tracking helpers with their well-known ports.
      # The outer ?if applies the entries only when $AUTOHELPERS is set and the
      # __CT_TARGET capability is present; each inner ?if tests one helper capability.
      # NOTE(review): helpers inspect application payloads and create expectations
      # for secondary connections, which then arrive in the RELATED state.
      # shorewall.conf in this listing has AUTOHELPERS=Yes, HELPERS= (empty) and
      # RELATED_DISPOSITION=ACCEPT, so presumably every available helper is active;
      # confirm which of these protocols are actually used and disable the rest.
  68. ?if $AUTOHELPERS && __CT_TARGET
  69.  
  70. ?if __AMANDA_HELPER
  71. CT:helper:amanda:PO - - udp 10080
  72. ?endif
  73.  
  74. ?if __FTP_HELPER
  75. CT:helper:ftp:PO - - tcp 21
  76. ?endif
  77.  
  78. ?if __H323_HELPER
  79. CT:helper:RAS:PO - - udp 1719
  80. CT:helper:Q.931:PO - - tcp 1720
  81. ?endif
  82.  
  83. ?if __IRC_HELPER
  84. CT:helper:irc:PO - - tcp 6667
  85. ?endif
  86.  
  87. ?if __NETBIOS_NS_HELPER
  88. CT:helper:netbios-ns:PO - - udp 137
  89. ?endif
  90.  
  91. ?if __PPTP_HELPER
  92. CT:helper:pptp:PO - - tcp 1723
  93. ?endif
  94.  
  95. ?if __SANE_HELPER
  96. CT:helper:sane:PO - - tcp 6566
  97. ?endif
  98.  
  99. ?if __SIP_HELPER
  100. CT:helper:sip:PO - - udp 5060
  101. ?endif
  102.  
  103. ?if __SNMP_HELPER
  104. CT:helper:snmp:PO - - udp 161
  105. ?endif
  106.  
  107. ?if __TFTP_HELPER
  108. CT:helper:tftp:PO - - udp 69
  109. ?endif
  110.  
  111. ?endif
  112. #
  113. # Shorewall version 4 - Ecn File
  114. #
  115. # For information about entries in this file, type "man shorewall-ecn"
  116. #
  117. # The manpage is also online at
  118. # http://www.shorewall.net/manpages/shorewall-ecn.html
  119. #
  120. ###############################################################################
  121. #INTERFACE HOST(S)
  122. #
  123. # Shorewall version 4 - Findgw File
  124. #
  125. # /etc/shorewall/findgw
  126. #
  127. # The code in this file is executed when Shorewall is trying to detect the
  128. # gateway through an interface in /etc/shorewall/providers that has GATEWAY
  129. # specified as 'detect'.
  130. #
  131. # The function should echo the IP address of the gateway if it knows what
  132. # it is; the name of the interface is in $1.
  133. #
  134. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  135. # information.
  136. #
  137. ###############################################################################
  138. #
  139. # Shorewall version 4 - Hosts file
  140. #
  141. # For information about entries in this file, type "man shorewall-hosts"
  142. #
  143. # The manpage is also online at
  144. # http://www.shorewall.net/manpages/shorewall-hosts.html
  145. #
  146. ###############################################################################
  147. #ZONE HOST(S) OPTIONS
  148. #
  149. # Shorewall version 4 - Init File
  150. #
  151. # /etc/shorewall/init
  152. #
  153. # Add commands below that you want to be executed at the beginning of
  154. # a "shorewall start" or "shorewall restart" command.
  155. #
  156. # For additional information, see
  157. # http://shorewall.net/shorewall_extension_scripts.htm
  158. #
  159. ###############################################################################
  160. #
  161. # Shorewall version 4 - Initdone File
  162. #
  163. # /etc/shorewall/initdone
  164. #
  165. # Add commands below that you want to be executed during
  166. # "shorewall start" or "shorewall restart" commands at the point where
  167. # Shorewall has not yet added any permanent rules to the builtin chains.
  168. #
  169. # For additional information, see
  170. # http://shorewall.net/shorewall_extension_scripts.htm
  171. #
  172. ###############################################################################
  173. #
  174. # Shorewall version 4 - Interfaces File
  175. #
  176. # For information about entries in this file, type "man shorewall-interfaces"
  177. #
  178. # The manpage is also online at
  179. # http://www.shorewall.net/manpages/shorewall-interfaces.html
  180. #
  181. ###############################################################################
  182. ?FORMAT 2
  183. ###############################################################################
  184. #ZONE INTERFACE OPTIONS
       # Binds each zone to one interface: wan = wlp11s2, lan = enp2s0.
       # tcpflags and nosmurfs are enabled on both; the matching dispositions and
       # log levels are the TCP_FLAGS_* and SMURF_* settings in shorewall.conf.
       # NOTE(review): neither interface lists routefilter and shorewall.conf has
       # ROUTE_FILTER=No, so this configuration does not turn on reverse-path
       # (anti-spoofing) filtering -- confirm the kernel rp_filter values in effect.
  185. wan wlp11s2 tcpflags,nosmurfs
  186. lan enp2s0 tcpflags,nosmurfs
  187. #
  188. # Shorewall version 4 - lib.private File
  189. #
  190. # /etc/shorewall/lib.private
  191. #
  192. # Use this file to declare shell functions to be called in the other
  193. # run-time extension scripts. The file will be copied into the generated
  194. # firewall script.
  195. #
  196. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  197. # information.
  198. #
  199. ###############################################################################
  200. #
  201. # Shorewall version 4 - Maclist file
  202. #
  203. # For information about entries in this file, type "man shorewall-maclist"
  204. #
  205. # For additional information, see http://shorewall.net/MAC_Validation.html
  206. #
  207. ###############################################################################
  208. #DISPOSITION INTERFACE MAC IP ADDRESSES (Optional)
  209. # Shorewall Makefile to restart if config-files are newer than last restart
       # The default target is $(VARDIR)/$(RESTOREFILE); it depends on every file in
       # $(CONFDIR), so "make" restarts Shorewall only when a config file is newer.
       # Recipe: save, then a quiet restart; on success save again, on failure run
       # the restart once more to print the tail of its output and exit 1.
       # NOTE(review): the recipe lines show no leading tab in this paste; make
       # requires one, so it was presumably lost when the text was rendered.
  210. VARDIR=$(shell /sbin/shorewall show vardir)
  211. CONFDIR=/etc/shorewall
  212. RESTOREFILE?=firewall
  213.  
  214. all: $(VARDIR)/$(RESTOREFILE)
  215.  
  216. $(VARDIR)/$(RESTOREFILE): $(CONFDIR)/*
  217. @/sbin/shorewall -q save >/dev/null; \
  218. if \
  219. /sbin/shorewall -q restart >/dev/null 2>&1; \
  220. then \
  221. /sbin/shorewall -q save >/dev/null; \
  222. else \
  223. /sbin/shorewall -q restart 2>&1 | tail >&2; exit 1; \
  224. fi
  225.  
       # Removes editor backup files (names ending in ~) from the config directory.
  226. clean:
  227. @rm -f $(CONFDIR)/*~ $(CONFDIR)/.*~
  228.  
  229. .PHONY: clean
  230.  
  231. # EOF
  232. #
  233. # Shorewall version 4 - Masq file
  234. #
  235. # For information about entries in this file, type "man shorewall-masq"
  236. #
  237. # The manpage is also online at
  238. # http://www.shorewall.net/manpages/shorewall-masq.html
  239. #
  240. ################################################################################################################
  241. #INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL
  242. # GROUP DEST
       # Source-NATs traffic from the LAN subnet 192.168.0.0/24 leaving through the
       # WAN interface wlp11s2. SOURCE is the subnet rather than the LAN interface
       # name, so only that address range is translated.
       # NOTE(review): with "detect" the address is presumably read from wlp11s2
       # when Shorewall starts; if the WAN address can change (for example a DHCP
       # lease), confirm that Shorewall is restarted after the change.
  243. wlp11s2 192.168.0.0/24 detect
  244. #
  245. # Shorewall version 4 - Nat File
  246. #
  247. # For information about entries in this file, type "man shorewall-nat"
  248. #
  249. # For additional information, see http://shorewall.net/NAT.htm
  250. #
  251. ###############################################################################
  252. #EXTERNAL INTERFACE INTERNAL ALL LOCAL
  253. # INTERFACES
  254. #
  255. # Shorewall version 4 - Netmap File
  256. #
  257. # For information about entries in this file, type "man shorewall-netmap"
  258. #
  259. # See http://shorewall.net/netmap.html for an example and usage
  260. # information.
  261. #
  262. ##############################################################################################
  263. #TYPE NET1 INTERFACE NET2 NET3 PROTO DEST SOURCE
  264. # PORT(S) PORT(S)
  265. #
  266. # Shorewall version 4 - Params File
  267. #
  268. # /etc/shorewall/params
  269. #
  270. # Assign any variables that you need here.
  271. #
  272. # It is suggested that variable names begin with an upper case letter
  273. # to distinguish them from variables used internally within the
  274. # Shorewall programs
  275. #
  276. # Example:
  277. #
  278. # NET_IF=eth0
  279. # NET_BCAST=130.252.100.255
  280. # NET_OPTIONS=routefilter,norfc1918
  281. #
  282. # Example (/etc/shorewall/interfaces record):
  283. #
  284. # net $NET_IF $NET_BCAST $NET_OPTIONS
  285. #
  286. # The result will be the same as if the record had been written
  287. #
  288. # net eth0 130.252.100.255 routefilter,norfc1918
  289. #
  290. ###############################################################################
  291.  
  292. #LAST LINE -- DO NOT REMOVE
  293. #
  294. # Shorewall version 4 - Policy File
  295. #
  296. # For information about entries in this file, type "man shorewall-policy"
  297. #
  298. # The manpage is also online at
  299. # http://www.shorewall.net/manpages/shorewall-policy.html
  300. #
  301. ###############################################################################
  302. #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
  303. # LEVEL BURST MASK
       # Default handling for new connections that match no entry in the rules file.
       # Every policy below logs at level info. $FW is the firewall zone, declared
       # as "fw" in the zones file.
       # Traffic originated by the firewall host itself may go anywhere on the WAN.
  304. $FW wan ACCEPT info
       # LAN clients get unrestricted outbound access through the shared connection.
  305. lan wan ACCEPT info
       # NOTE(review): every service on the firewall host is reachable from the LAN;
       # narrowing this to the services the LAN actually needs would limit what a
       # compromised LAN client can reach on the gateway.
  306. lan $FW ACCEPT info
       # Unsolicited traffic from the WAN to the firewall or the LAN is dropped.
  307. wan all DROP info
       # Catch-all for every other zone pair. There is no explicit "$FW lan" policy,
       # so connections the firewall opens towards the LAN end up here.
       # NOTE(review): LOGLIMIT is empty in shorewall.conf, so these log entries are
       # not rate limited -- a burst of dropped WAN traffic can flood the log.
  308. all all REJECT info
  309. #
  310. # Shorewall version 4 - Providers File
  311. #
  312. # For information about entries in this file, type "man shorewall-providers"
  313. #
  314. # For additional information, see http://shorewall.net/MultiISP.html
  315. #
  316. ############################################################################################
  317. #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
  318. #
  319. # Shorewall version 4 - Proxyarp File
  320. #
  321. # For information about entries in this file, type "man shorewall-proxyarp"
  322. #
  323. # See http://shorewall.net/ProxyARP.htm for additional information.
  324. #
  325. ###############################################################################
  326. #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
  327. #
  328. # Shorewall version 4 - refresh File
  329. #
  330. # /etc/shorewall/refresh
  331. #
  332. # Add commands below that you want to be executed before Shorewall
  333. # has processed the 'refresh' command.
  334. #
  335. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  336. # information.
  337. #
  338. ###############################################################################
  339. #
  340. # Shorewall version 4 - refreshed File
  341. #
  342. # /etc/shorewall/refreshed
  343. #
  344. # Add commands below that you want to be executed after Shorewall
  345. # has processed the 'refresh' command.
  346. #
  347. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  348. # information.
  349. #
  350. ###############################################################################
  351. #
  352. # Shorewall version 4 - Restored File
  353. #
  354. # /etc/shorewall/restored
  355. #
  356. # Add commands below that you want to be executed after shorewall has
  357. # completed a 'restore' command.
  358. #
  359. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  360. # information.
  361. #
  362. ###############################################################################
  363. #
  364. # Shorewall version 4 - routes File
  365. #
  366. # For information about entries in this file, type "man shorewall-routes"
  367. #
  368. # For additional information, see http://www.shorewall.net/MultiISP.html
  369. ##############################################################################
  370. #PROVIDER DEST GATEWAY DEVICE
  371.  
  372. #
  373. # Shorewall version 4 - route rules File
  374. #
  375. # For information about entries in this file, type "man shorewall-rtrules"
  376. #
  377. # For additional information, see http://www.shorewall.net/MultiISP.html
  378. ####################################################################################
  379. #SOURCE DEST PROVIDER PRIORITY MASK
  380. #
  381. # Shorewall version 4 - Rules File
  382. #
  383. # For information on the settings in this file, type "man shorewall-rules"
  384. #
  385. # The manpage is also online at
  386. # http://www.shorewall.net/manpages/shorewall-rules.html
  387. #
  388. ######################################################################################################################################################################################################
  389. #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER
  390. # PORT PORT(S) DEST LIMIT GROUP
  391. #SECTION ALL
  392. #SECTION ESTABLISHED
  393. #SECTION RELATED
  394. #SECTION INVALID
  395. #SECTION UNTRACKED
  396. SECTION NEW
  397. # Block access to port 113/TCP
       # DROP discards the packet without any reply, so ident/auth (113/tcp) probes
       # from the WAN to the firewall get no answer. No log level is given, so unlike
       # the wan policy these drops are not logged. The trailing "-" fills the
       # SOURCE PORT(S) column.
       # NOTE(review): the "wan all DROP" policy already covers this port; the rule
       # is presumably here so that the DROP_DEFAULT=Drop action does not treat
       # port 113 differently -- verify against the installed Drop action.
  398. DROP wan fw tcp 113 -
       # Opens TCP port 50505 on the firewall host to any WAN source address; the
       # page does not say which service listens there.
       # NOTE(review): if the remote peers are known, restrict SOURCE to them
       # (wan:<address>) and confirm the listening service requires authentication.
  399. ACCEPT wan fw tcp 50505 -
  400. #
  401. # Shorewall version 4 - Show Connections Filter
  402. #
  403. # /etc/shorewall/scfilter
  404. #
  405. # Replace the 'cat' command below to filter the output of
  406. # 'show connections'.
  407. #
  408. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  409. # information.
  410. #
  411. ###############################################################################
  412. cat -
  413. #
  414. # Shorewall version 4 - Secmarks File
  415. #
  416. # For information about entries in this file, type "man shorewall-secmarks"
  417. #
  418. ############################################################################################################
  419. #SECMARK CHAIN: SOURCE DEST PROTO DEST SOURCE USER/ MARK
  420. # STATE PORT(S) PORT(S) GROUP
  421.  
  422.  
  423.  
  424.  
  425.  
  426. ###############################################################################
  427. #
  428. # Shorewall Version 4 -- /etc/shorewall/shorewall.conf
  429. #
  430. # For information about the settings in this file, type "man shorewall.conf"
  431. #
  432. # Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
  433. ###############################################################################
  434. # S T A R T U P E N A B L E D
  435. ###############################################################################
  436.  
  437. STARTUP_ENABLED=Yes
       # Yes marks the configuration as ready, so "shorewall start" is permitted.
  438.  
  439. ###############################################################################
  440. # V E R B O S I T Y
  441. ###############################################################################
  442.  
  443. VERBOSITY=1
  444.  
  445. ###############################################################################
  446. # L O G G I N G
  447. ###############################################################################
  448.  
       # Log settings. An empty *_LOG_LEVEL means that class of packet is not logged:
       # here blacklisted, INVALID, RELATED and UNTRACKED packets are not logged,
       # and LOGALLNEW is off.
  449. BLACKLIST_LOG_LEVEL=
  450.  
  451. INVALID_LOG_LEVEL=
  452.  
       # Kernel logging of packets with impossible ("martian") source addresses.
  453. LOG_MARTIANS=Yes
  454.  
  455. LOG_VERBOSITY=2
  456.  
  457. LOGALLNEW=
  458.  
       # NOTE(review): LOGFILE is presumably only where the shorewall command looks
       # for firewall messages ("show log" and similar); confirm the system logger
       # actually writes kernel messages to this path.
  459. LOGFILE=/var/log/messages.log
  460.  
  461. LOGFORMAT="Shorewall:%s:%s:"
  462.  
  463. LOGTAGONLY=No
  464.  
       # NOTE(review): empty LOGLIMIT means log rules are not rate limited. Every
       # policy in this listing logs at info, including "wan all DROP", so hostile
       # or noisy WAN traffic can generate unbounded log volume -- consider a limit.
  465. LOGLIMIT=
  466.  
  467. MACLIST_LOG_LEVEL=info
  468.  
  469. RELATED_LOG_LEVEL=
  470.  
  471. RPFILTER_LOG_LEVEL=info
  472.  
  473. SFILTER_LOG_LEVEL=info
  474.  
       # Log levels for the nosmurfs and tcpflags interface options used in the
       # interfaces file (SMURF_LOG_LEVEL, TCP_FLAGS_LOG_LEVEL).
  475. SMURF_LOG_LEVEL=info
  476.  
  477. STARTUP_LOG=/var/log/shorewall-init.log
  478.  
  479. TCP_FLAGS_LOG_LEVEL=info
  480.  
  481. UNTRACKED_LOG_LEVEL=
  482.  
  483. ###############################################################################
  484. # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
  485. ###############################################################################
  486.  
       # Locations of external tools and state files. Empty values (ARPTABLES,
       # IPTABLES, IP, IPSET, LOCKFILE, MODULESDIR, NFACCT, TC) presumably leave
       # Shorewall to locate the tool or use its built-in default.
  487. ARPTABLES=
  488.  
  489. CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
  490.  
  491. GEOIPDIR=/usr/share/xt_geoip/LE
  492.  
  493. IPTABLES=
  494.  
  495. IP=
  496.  
  497. IPSET=
  498.  
  499. LOCKFILE=
  500.  
  501. MODULESDIR=
  502.  
  503. NFACCT=
  504.  
       # NOTE(review): this PATH is what Shorewall uses to find the unset tools
       # above and it includes /usr/local/bin and /usr/local/sbin; since Shorewall
       # runs as root, confirm every directory listed is writable by root only.
  505. PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
  506.  
  507. PERL=/usr/bin/perl
  508.  
  509. RESTOREFILE=restore
  510.  
  511. SHOREWALL_SHELL=/bin/sh
  512.  
  513. SUBSYSLOCK=/var/lock/shorewall
  514.  
  515. TC=
  516.  
  517. ###############################################################################
  518. # D E F A U L T A C T I O N S / M A C R O S
  519. ###############################################################################
  520.  
       # Default actions invoked before a policy of the given type is enforced.
       # DROP and REJECT policies run the Drop and Reject actions first; ACCEPT,
       # NFQUEUE and QUEUE policies have none.
       # NOTE(review): what Drop and Reject do to individual ports is defined in
       # the installed action files, which this page does not show.
  521. ACCEPT_DEFAULT=none
  522. DROP_DEFAULT=Drop
  523. NFQUEUE_DEFAULT=none
  524. QUEUE_DEFAULT=none
  525. REJECT_DEFAULT=Reject
  526.  
  527. ###############################################################################
  528. # R S H / R C P C O M M A N D S
  529. ###############################################################################
  530.  
       # Command templates for copying files to, and running commands on, a remote
       # system over scp/ssh. Single quotes keep ${files}, ${root}, ${system},
       # ${destination} and ${command} unexpanded here; presumably Shorewall
       # substitutes them when it builds the command -- confirm in shorewall.conf(5).
  531. RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
  532. RSH_COMMAND='ssh ${root}@${system} ${command}'
  533.  
  534. ###############################################################################
  535. # F I R E W A L L O P T I O N S
  536. ###############################################################################
  537.  
  538. ACCOUNTING=Yes
  539.  
  540. ACCOUNTING_TABLE=filter
  541.  
  542. ADD_IP_ALIASES=No
  543.  
  544. ADD_SNAT_ALIASES=No
  545.  
       # NOTE(review): with Yes, "shorewall stop" presumably leaves established
       # connections and firewall-originated traffic working instead of blocking
       # everything -- a stopped firewall is then not a closed one; confirm that
       # this is the intended stopped-state behaviour.
  546. ADMINISABSENTMINDED=Yes
  547.  
  548. IGNOREUNKNOWNVARIABLES=No
  549.  
  550. AUTOCOMMENT=Yes
  551.  
       # Enables the helper associations in the conntrack file (its outer ?if tests
       # $AUTOHELPERS).
  552. AUTOHELPERS=Yes
  553.  
  554. AUTOMAKE=Yes
  555.  
       # Connection states checked against the blacklist rules; the blrules file in
       # this listing has no entries.
  556. BLACKLIST="NEW,INVALID,UNTRACKED"
  557.  
  558. CHAIN_SCRIPTS=Yes
  559.  
  560. CLAMPMSS=No
  561.  
  562. CLEAR_TC=Yes
  563.  
  564. COMPLETE=No
  565.  
  566. DEFER_DNS_RESOLUTION=Yes
  567.  
  568. DELETE_THEN_ADD=Yes
  569.  
  570. DETECT_DNAT_IPADDRS=No
  571.  
       # NOTE(review): IPv6 is left enabled, but the zones file declares only ipv4
       # zones, so nothing in this configuration filters IPv6. If either interface
       # carries IPv6, it needs its own ruleset (for example shorewall6) -- confirm.
  572. DISABLE_IPV6=No
  573.  
  574. DONT_LOAD=
  575.  
       # Presumably enables the dynamic blacklist commands (shorewall drop, reject
       # and similar), so an address can be blocked at run time without editing
       # the configuration files -- confirm.
  576. DYNAMIC_BLACKLIST=Yes
  577.  
  578. EXPAND_POLICIES=Yes
  579.  
  580. EXPORTMODULES=Yes
  581.  
  582. FASTACCEPT=No
  583.  
  584. FORWARD_CLEAR_MARK=
  585.  
       # NOTE(review): empty, so no explicit list narrows the conntrack helpers;
       # presumably all available helpers are enabled -- confirm, and list only
       # the helpers that are needed.
  586. HELPERS=
  587.  
  588. IMPLICIT_CONTINUE=No
  589.  
  590. IPSET_WARNINGS=Yes
  591.  
       # Kernel IPv4 forwarding is switched on by Shorewall; required for the
       # connection sharing (lan -> wan) described at the top of the page.
  592. IP_FORWARDING=On
  593.  
  594. KEEP_RT_TABLES=No
  595.  
  596. LEGACY_FASTSTART=Yes
  597.  
  598. LOAD_HELPERS_ONLY=Yes
  599.  
  600. MACLIST_TABLE=filter
  601.  
  602. MACLIST_TTL=
  603.  
  604. MANGLE_ENABLED=Yes
  605.  
  606. MAPOLDACTIONS=No
  607.  
  608. MARK_IN_FORWARD_CHAIN=No
  609.  
  610. MODULE_SUFFIX=ko.gz
  611.  
  612. MULTICAST=No
  613.  
  614. MUTEX_TIMEOUT=60
  615.  
       # Both the WAN (192.168.1.50) and the LAN (192.168.0.0/24) in this setup use
       # RFC 1918 private addresses.
  616. NULL_ROUTE_RFC1918=No
  617.  
  618. OPTIMIZE=0
  619.  
  620. OPTIMIZE_ACCOUNTING=No
  621.  
  622. REQUIRE_INTERFACE=No
  623.  
  624. RESTORE_DEFAULT_ROUTE=Yes
  625.  
  626. RESTORE_ROUTEMARKS=Yes
  627.  
  628. RETAIN_ALIASES=No
  629.  
       # NOTE(review): reverse-path (anti-spoofing) filtering is not enabled here and
       # the interfaces file sets no routefilter option either. On a NAT gateway this
       # is worth enabling unless asymmetric routing requires otherwise -- confirm
       # the effective net.ipv4.conf.*.rp_filter values.
  630. ROUTE_FILTER=No
  631.  
  632. SAVE_ARPTABLES=No
  633.  
  634. SAVE_IPSETS=No
  635.  
  636. TC_ENABLED=Internal
  637.  
  638. TC_EXPERT=No
  639.  
  640. TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
  641.  
  642. TRACK_PROVIDERS=No
  643.  
  644. USE_DEFAULT_RT=No
  645.  
  646. USE_PHYSICAL_NAMES=No
  647.  
  648. USE_RT_NAMES=No
  649.  
  650. WARNOLDCAPVERSION=Yes
  651.  
  652. ZONE2ZONE=2
  653.  
  654. ###############################################################################
  655. # P A C K E T D I S P O S I T I O N
  656. ###############################################################################
  657.  
       # What happens to each special class of packet.
  658. BLACKLIST_DISPOSITION=DROP
  659.  
       # NOTE(review): CONTINUE presumably passes packets in the INVALID state on to
       # the NEW-section rules and the policies instead of discarding them, and
       # INVALID_LOG_LEVEL is empty so they are not logged. DROP is the stricter
       # choice if nothing depends on the current behaviour -- confirm.
  660. INVALID_DISPOSITION=CONTINUE
  661.  
  662. MACLIST_DISPOSITION=REJECT
  663.  
       # RELATED packets are accepted; this includes connections expected by the
       # conntrack helpers enabled in the conntrack file.
  664. RELATED_DISPOSITION=ACCEPT
  665.  
  666. RPFILTER_DISPOSITION=DROP
  667.  
       # Dispositions for the nosmurfs and tcpflags options set on both interfaces.
  668. SMURF_DISPOSITION=DROP
  669.  
  670. SFILTER_DISPOSITION=DROP
  671.  
  672. TCP_FLAGS_DISPOSITION=DROP
  673.  
       # Same handling as INVALID above, for packets in the UNTRACKED state.
  674. UNTRACKED_DISPOSITION=CONTINUE
  675.  
  676. ################################################################################
  677. # P A C K E T M A R K L A Y O U T
  678. ################################################################################
  679.  
  680. TC_BITS=
  681.  
  682. PROVIDER_BITS=
  683.  
  684. PROVIDER_OFFSET=
  685.  
  686. MASK_BITS=
  687.  
  688. ZONE_BITS=0
  689.  
  690. ################################################################################
  691. # L E G A C Y O P T I O N
  692. # D O N O T D E L E T E O R A L T E R
  693. ################################################################################
  694.  
  695. IPSECFILE=zones
  696. #
  697. # Shorewall version 4 - Start File
  698. #
  699. # /etc/shorewall/start
  700. #
  701. # Add commands below that you want to be executed after shorewall has
  702. # been started or restarted.
  703. #
  704. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  705. # information.
  706. #
  707. ###############################################################################
  708. return 0
  709. #
  710. # Shorewall version 4 - Started File
  711. #
  712. # /etc/shorewall/started
  713. #
  714. # Add commands below that you want to be executed after shorewall has
  715. # been completely started or restarted. The difference between this
  716. # extension script and /etc/shorewall/start is that this one is invoked
  717. # after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
  718. # after the 'shorewall' chain has been created (thus signaling that the
  719. # firewall is completely up).
  720. #
  721. # This script should not change the firewall configuration directly but
  722. # may do so indirectly by running /sbin/shorewall with the 'nolock'
  723. # option.
  724. #
  725. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  726. # information.
  727. #
  728. ###############################################################################
  729. #
  730. # Shorewall version 4 - Stop File
  731. #
  732. # /etc/shorewall/stop
  733. #
  734. # Add commands below that you want to be executed at the beginning of a
  735. # "shorewall stop" command.
  736. #
  737. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  738. # information.
  739. #
  740. ###############################################################################
  741. #
  742. # Shorewall version 4 - Stopped File
  743. #
  744. # /etc/shorewall/stopped
  745. #
  746. # Add commands below that you want to be executed at the completion of a
  747. # "shorewall stop" command.
  748. #
  749. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  750. # information.
  751. #
  752. ###############################################################################
  753. #
  754. # Shorewall version 4 - Stopped Rules File
  755. #
  756. # For information about entries in this file, type "man shorewall-stoppedrules"
  757. #
  758. # The manpage is also online at
  759. # http://www.shorewall.net/manpages/shorewall-stoppedrules.html
  760. #
  761. # See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
  762. # information.
  763. #
  764. ###############################################################################
  765. #ACTION SOURCE DEST PROTO DEST SOURCE
  766. # PORT(S) PORT(S)
  767. #
  768. # Shorewall version 4 - Tcclasses File
  769. #
  770. # For information about entries in this file, type "man shorewall-tcclasses"
  771. #
  772. # See http://shorewall.net/traffic_shaping.htm for additional information.
  773. #
  774. ###############################################################################
  775. #INTERFACE:CLASS MARK RATE: CEIL PRIORITY OPTIONS
  776. # DMAX:UMAX
  777. #
  778. # Shorewall version 4 - tcclear File
  779. #
  780. # /etc/shorewall/tcclear
  781. #
  782. # Add commands below that you want to be executed before Shorewall
  783. # clears the traffic shaping configuration.
  784. #
  785. # See http://shorewall.net/shorewall_extension_scripts.htm for additional
  786. # information.
  787. #
  788. ###############################################################################
  789. #
  790. # Shorewall version 4 - Tcdevices File
  791. #
  792. # For information about entries in this file, type "man shorewall-tcdevices"
  793. #
  794. # See http://shorewall.net/traffic_shaping.htm for additional information.
  795. #
  796. ###############################################################################
  797. #NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED
  798. #INTERFACE INTERFACES
  799. #
  800. # Shorewall version 4 - Tcfilters File
  801. #
  802. # For information about entries in this file, type "man shorewall-tcfilters"
  803. #
  804. # See http://shorewall.net/traffic_shaping.htm for additional information.
  805. #
  806. ########################################################################################################
  807. #INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH PRIORITY
  808. #CLASS PORT(S) PORT(S)
  809. #
  810. # Shorewall version 4 - Tcinterfaces File
  811. #
  812. # For information about entries in this file, type "man shorewall-tcinterfaces"
  813. #
  814. # See http://shorewall.net/simple_traffic_shaping.htm for additional
  815. # information.
  816. #
  817. ###############################################################################
  818. #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
  819. #
  820. # Shorewall version 4 - Tcpri File
  821. #
  822. # For information about entries in this file, type "man shorewall-tcpri"
  823. #
  824. # See http://shorewall.net/simple_traffic_shaping.htm for additional
  825. # information.
  826. #
  827. ###############################################################################
  828. #BAND PROTO PORT(S) ADDRESS IN-INTERFACE HELPER
  829.  
  830.  
  831.  
  832. #
  833. # Shorewall version 4 - Tcrules File
  834. #
  835. # For information about entries in this file, type "man shorewall-tcrules"
  836. #
  837. # See http://shorewall.net/traffic_shaping.htm for additional information.
  838. # For usage in selecting among multiple ISPs, see
  839. # http://shorewall.net/MultiISP.html
  840. #
  841. # See http://shorewall.net/PacketMarking.html for a detailed description of
  842. # the Netfilter/Shorewall packet marking mechanism.
  843. ##########################################################################################################################################
  844. ?FORMAT 2
  845. ##########################################################################################################################################
  846. #ACTION SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP
  847. # PORT(S) PORT(S)
  848.  
  849. #
  850. # Shorewall version 4 - Tos File
  851. #
  852. # For information about entries in this file, type "man shorewall-tos"
  853. #
  854. ###############################################################################
  855. #SOURCE DEST PROTOCOL DEST SOURCE TOS MARK
  856. # PORTS PORTS
  857. #
  858. # Shorewall version 4 - Tunnels File
  859. #
  860. # For information about entries in this file, type "man shorewall-tunnels"
  861. #
  862. # The manpage is also online at
  863. # http://www.shorewall.net/manpages/shorewall-tunnels.html
  864. #
  865. ###############################################################################
  866. #TYPE ZONE GATEWAY(S) GATEWAY
  867. # ZONE(S)
  868. #
  869. # Shorewall version 4 - Zones File
  870. #
  871. # For information about this file, type "man shorewall-zones"
  872. #
  873. # The manpage is also online at
  874. # http://www.shorewall.net/manpages/shorewall-zones.html
  875. #
  876. ###############################################################################
  877. #ZONE TYPE OPTIONS IN OUT
  878. # OPTIONS OPTIONS
       # Three zones: fw is the firewall host itself (referred to as $FW in the
       # policy file and as fw in the rules file); wan and lan are IPv4 zones bound
       # to wlp11s2 and enp2s0 in the interfaces file.
       # NOTE(review): only ipv4 zones are declared while shorewall.conf has
       # DISABLE_IPV6=No, so IPv6 traffic is outside this policy -- confirm it is
       # filtered elsewhere or not in use.
  879. fw firewall
  880. wan ipv4
  881. lan ipv4
  882. [andrzejl@icsserver ~]$