shorewall6-rtrules (5)

Shorewall6 routing rules file

  1. Carta.tech
  2. Man Pages
  3. File formats and conventions
  4. shorewall6-rtrules: Shorewall6 routing rules file
  1. Carta.tech
  2. Packages
  3. shorewall6
  4. shorewall6-rtrules: Shorewall6 routing rules file

SYNOPSIS

/etc/shorewall6/rtrules

DESCRIPTION

Entries in this file cause traffic to be routed to one of the providers listed in \m[blue]shorewall6-providers\m[]\s-2\u[1]\d\s+2(5).

The columns in the file are as follows.

SOURCE (Optional) - {-|interface|address|interface:<address>}

An ip address (network or host) that matches the source IP address in a packet. May also be specified as an interface name optionally followed by ":" and an address. If the device lo is specified, the packet must originate from the firewall itself.

Beginning with Shorewall 4.5.0, you may specify &interface in this column to indicate that the source is the primary IP address of the named interface.

DEST (Optional) - {-|address}

An ip address (network or host) that matches the destination IP address in a packet.

If you choose to omit either SOURCE or DEST, place "-" in that column. Note that you may not omit both SOURCE and DEST.

PROVIDER - {provider-name|provider-number|main}

The provider to route the traffic through. May be expressed either as the provider name or the provider number. May also be main or 254 for the main routing table. This can be used in combination with VPN tunnels, see example 2 below.

PRIORITY - priority

The rule's numeric priority which determines the order in which the rules are processed. Rules with equal priority are applied in the order in which they appear in the file.

1000-1999

Before Shorewall6-generated 'MARK' rules

11000-11999

After 'MARK' rules but before Shorewall6-generated rules for ISP interfaces.

26000-26999

After ISP interface rules but before 'default' rule.

MARK - {-|mark[/mask]}

Optional -- added in Shorewall 4.4.25. For this rule to be applied to a packet, the packet's mark value must match the mark when logically anded with the mask. If a mask is not supplied, Shorewall supplies a suitable provider mask.

EXAMPLES

Example 1:

You want all traffic coming in on eth1 to be routed to the ISP1 provider.

        #SOURCE                 DEST            PROVIDER        PRIORITY    MASK
        eth1                    -               ISP1            1000

FILES

/etc/shorewall6/rtrules

RELATED TO shorewall6-rtrules…

\m[blue]http://www.shorewall.net/MultiISP.html\m[]\s-2\u[2]\d\s+2

shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-mangle(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)

NOTES

1.

shorewall6-providers

http://www.shorewall.net/manpages6/shorewall6-providers.html

2.

http://www.shorewall.net/MultiISP.html

http://www.shorewall.net/MultiISP.html