SHOREWALL-ADDRESSES(5) | Configuration Files | SHOREWALL-ADDRESSES(5) |
addresses - Specifying addresses within a Shorewall configuration
In both Shorewall and Shorewall6, there are two basic types of addresses:
Host Address
In IPv4, the format is i.j.k.l where i through l are decimal numbers between 1 and 255.
In IPv6, the format is a:b:c:d:e:f:g:h where a through h consist of 1 to 4 hexadecimal digits (leading zeros may be omitted). a single series of 0 addresses may be omitted. For example 2001:227:e857:1:0:0:0:0:1 may be written 2001:227:e857:1::1.
Network Address
The VLSM is a decimal number. For IPv4, it is in the range 0 through 32. For IPv6, the range is 0 through 128. The number represents the number of leading bits in the address that represent the network address; the remainder of the bits are a host address and are generally given as zero.
Examples:
IPv4: 192.168.1.0/24
IPv6: 2001:227:e857:1:0:0:0:0:1/64
In the Shorewall documentation and manpages, we have tried to make it clear which type of address is accepted in each specific case.
Because Shorewall uses a colon (":") as a separator in many contexts, IPv6 addresses are best written using the standard convention in which the address itself is enclosed in square brackets:
Entries in Shorewall configuration files often deal with the source (SOURCE) and destination (DEST) of connections and Shorewall implements a uniform way for specifying them.
A SOURCE or DEST consists of one to three parts separated by colons (":"):
Beginning with Shorweall 5.2.1, the interface may be preceded with '!' which matches all interfaces except the one specified.
Examples.
If you kernel and iptables have IP Range match support, you may use IP address ranges in Shorewall configuration file entries; IP address ranges have the syntax <low IP address>-<high IP address>.
Example: 192.168.1.5-192.168.1.12.
For more information about addressing, see theSetup Guide[1].
04/11/2019 | Configuration Files |