
Shorewall 3.x Documentation

Tom Eastep

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.



This article applies to Shorewall 3.0 and later. If you are running a version of Shorewall earlier than Shorewall 3.0.0 then please see the documentation for that release.


The complete Shorewall Documentation is available for download in both Docbook XML and HTML formats.

Frequently asked questions:

If you are new to Shorewall, please read these two articles first.

The following article is also recommended reading for newcomers.

The remainder of the Documentation supplements the QuickStart Guides. Please review the appropriate guide before trying to use this documentation directly.


This index is in alphabetical order.

  1. 2.6 Kernel

  2. Accounting

  3. Actions

  4. Aliased (virtual) Interfaces (e.g., eth0:0)

  5. Bandwidth Control

  6. Blacklisting

    • Static Blacklisting using /etc/shorewall/blacklist

    • Dynamic Blacklisting using /sbin/shorewall

  7. Bridging

  8. Commands (Description of all /sbin/shorewall commands)

  9. Compiled Firewall Programs (Shorewall 3.1 and later)

  10. Configuration File Reference Manual

  11. Corporate Network Example (Contributed by Graeme Boyle)

  12. DHCP

  13. ECN Disabling by host or subnet

  14. Error Messages

  15. Extension Scripts (How to extend Shorewall without modifying Shorewall code through the use of files in /etc/shorewall -- /etc/shorewall/start, /etc/shorewall/stopped, etc.)

  16. Fallback/Uninstall

  17. FAQs

  18. Features

  19. Forwarding Traffic on the Same Interface

  20. FTP and Shorewall

  21. Getting help or answers to questions

  22. Installation/Upgrade

  23. IPP2P

  24. IPSEC

  25. IPSEC using Kernel 2.6 and Shorewall 2.1 or Later.

  26. Ipsets

  27. Kazaa Filtering

  28. Kernel Configuration

  29. Logging

  30. Macros

  31. MAC Verification

  32. Multiple Internet Connections from a Single Firewall

  33. Multiple Zones Through One Interface

  34. My Shorewall Configuration (How I personally use Shorewall)

  35. Netfilter Overview

  36. Network Mapping

  37. One-to-one NAT (Static NAT)

  38. OpenVPN

  39. Operating Shorewall

  40. Packet Processing in a Shorewall-based Firewall

  41. 'Ping' Management

  42. Port Information

    • Which applications use which ports

    • Ports used by Trojans

  43. Port Knocking and Other Uses of the 'Recent Match'

  44. PPTP

  45. Proxy ARP

  46. Release Model

  47. Requirements

  48. Routing and Shorewall

  49. Routing on One Interface

  50. Samba

  51. Shorewall Lite

  52. Shorewall Setup Guide

  53. SMB

  54. Squid with Shorewall

  55. Starting/stopping the Firewall

    • Description of all /sbin/shorewall commands

    • How to safely test a Shorewall configuration change

  56. Static (one-to-one) NAT

  57. Support

  58. Traffic Accounting

  59. Traffic Shaping/QOS

  60. Troubleshooting (Things to try if it doesn't work)

  61. UPnP

  62. Upgrade Issues

  63. VPN

  64. White List Creation

  65. Xen