Name

actions — shorewall6 action declaration file

Synopsis

/etc/shorewall6/actions

Description

This file allows you to define new ACTIONS for use in rules (see shorewall6-rules(5)). You define the ip6tables rules to be performed in an ACTION in /etc/shorewall6/action.action-name.

Columns are:

NAME

The name of the action. ACTION names should begin with an upper-case letter to distinguish them from Shorewall-generated chain names and be composed of letters, digits or numbers. If you intend to log from the action then the name must be no longer than 11 characters in length if you use the standard LOGFORMAT.

OPTIONS

Added in Shorewall 4.5.10. Available options are:

builtin

Added in Shorewall 4.5.16. Defines the action as a rule target that is supported by your ip6tables but is not directly supported by Shorewall. The action may be used as the rule target in an INLINE rule in shorewall6-rules(5).

Beginning with Shorewall 4.6.0, the Netfilter table(s) in which the builtin can be used may be specified: filter, nat, mangle and raw. If no table name(s) are given, then filter is assumed. The table names follow builtin and are separated by commas; for example, "FOOBAR builtin,filter,mangle" would specify FOOBAR as a builtin target that can be used in the filter and mangle tables.

Beginning with Shorewall 4.6.4, you may specify the terminating option with builtin to indicate to the Shorewall optimizer that the action is terminating (the current packet will not be passed to the next rule in the chain).

inline

Causes the action body (defined in action.action-name) to be expanded in-line like a macro rather than in its own chain. You can list Shorewall Standard Actions in this file to specify the inline option.

Caution

Some of the Shorewall standard actions cannot be used in-line and will generate a warning and the compiler will ignore inline if you try to use them that way:

Broadcast
DropSmurfs
Invalid (Prior to Shorewall 4.5.13)
NotSyn (Prior to Shorewall 4.5.13)
RST (Prior to Shorewall 4.5.13)
TCPFlags
noinline

Causes any later inline option for the same action to be ignored with a warning.

nolog

Added in Shorewall 4.5.11. When this option is specified, the compiler does not automatically apply the log level and/or tag from the invocation of the action to all rules inside of the action. Rather, it simply sets the $_loglevel and $_logtag shell variables which can be used within the action body to apply those logging options only to a subset of the rules.

terminating

Added in Shorewall 4.6.4. When used with builtin, indicates that the built-in action is termiating (i.e., if the action is jumped to, the next rule in the chain is not evaluated).

FILES

/etc/shorewall6/actions

See ALSO

http://www.shorewall.net/Actions.html

shorewall6(8), shorewall6-accounting(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-mangle(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall-zones(5)

Documentation


Frequently Used Articles

- FAQs - IPv4 Manpages - IPv6 Manpages - Configuration File Basics - Beginner Documentation - Troubleshooting

Shorewall 4.0/4.2 Documentation


Current HOWTOs and Other Articles

- 6to4 and 6in4 Tunnels - Accounting - Actions - Aliased (virtual) Interfaces (e.g., eth0:0) - Anatomy of Shorewall - Anti-Spoofing Measures - AUDIT Target support - Bandwidth Control - Blacklisting/Whitelisting - Bridge/Firewall - Building Shorewall from GIT - Commands - Compiled Programs - Configuration File Basics - DHCP - DNAT - Dynamic Zones - ECN Disabling by host or subnet - Events - Extension Scripts - Fallback/Uninstall - FAQs - Features - Fool's Firewall - Forwarding Traffic on the Same Interface - FTP and Shorewall - Helpers/Helper Modules - Installation/Upgrade - IPP2P - IPSEC - Ipsets - IPv6 Support - ISO 3661 Country Codes - Kazaa Filtering - Kernel Configuration - KVM (Kernel-mode Virtual Machine) - Limiting Connection Rates - Linux Containers (LXC) - Linux-vserver - Logging - Macros - MAC Verification - Manpages (IPv4) (IPv6) - Manual Chains - Masquerading - Multiple Internet Connections from a Single Firewall - Multiple Zones Through One Interface - My Shorewall Configuration - Netfilter Overview - Network Mapping - No firewalling of traffic between bridge port - One-to-one NAT - Operating Shorewall - OpenVPN - OpenVZ - Packet Marking - Packet Processing in a Shorewall-based Firewall - 'Ping' Management - Port Forwarding - Port Information - Port Knocking (deprecated) - Port Knocking, Auto Blacklisting and Other Uses of the 'Recent Match' - PPTP - Proxy ARP - QuickStart Guides - Release Model - Requirements - Routing and Shorewall - Routing on One Interface - Samba - Shorewall Events - Shorewall Init - Shorewall Lite - Shorewall on a Laptop - Shorewall Perl - Shorewall Setup Guide - SMB - SNAT - Split DNS the Easy Way - Squid with Shorewall - Starting/stopping the Firewall - Static (one-to-one) NAT - Support - Tips and Hints - Traffic Shaping/QOS - Simple - Traffic Shaping/QOS - Complex - Transparent Proxy - UPnP - Upgrade Issues - Upgrading to Shorewall 4.4 (Upgrading Debian Lenny to Squeeze) - VPN - VPN Passthrough - White List Creation - Xen - Shorewall in a Bridged Xen DomU - Xen - Shorewall in Routed Xen Dom0

Top of Page