notrack(5) shorewall6 notrack file

SYNOPSIS

/etc/shorewall6/notrack

DESCRIPTION

The notrack file is used to exempt certain traffic from Netfilter connection tracking. Traffic matching entries in this file will not be tracked.

The columns in the file are as follows.

SOURCE - zone[:interface][:address-list]

where zone is the name of a zone, interface is an interface to that zone, and address-list is a comma-separated list of addresses (may contain exclusion - see m[blue]shorewall6-exclusionm[][1] (5)).

DEST - [interface|address-list]

where address-list is a comma-separated list of addresses (may contain exclusion - see m[blue]shorewall6-exclusionm[][1] (5)). If an interface is given:

• It must be up and configured with an IPv6 address when Shorewall is started or restarted.

• All routes out of the interface must be configured when Shorewall is started or restarted.

• Default routes out of the interface will result in a warning message and will be ignored.

PROTO - protocol-name-or-number

A protocol name from /etc/protocols or a protocol number.

DEST PORT(S) - port-number/service-name-list

A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form low-port:high-port if your kernel and iptables include port range support.

SOURCE PORT(S) - port-number/service-name-list

A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form low-port:high-port if your kernel and iptables include port range support.

USER/GROUP - [user][:group]

May only be specified if the SOURCE zone is $FW. Specifies the effective user id and or group id of the process sending the traffic.

FILES

/etc/shorewall6/notrack