The columns in the file are as follows.

SOURCE - zone[:interface][:address-list]

where zone is the name of a zone, interface is an interface to that zone, and address-list is a comma-separated list of addresses (may contain exclusion - see m[blue]shorewall6-exclusionm[][1] (5)).

DEST - [interface|address-list]

where address-list is a comma-separated list of addresses (may contain exclusion - see m[blue]shorewall6-exclusionm[][1] (5)). If an interface is given:

• It must be up and configured with an IPv6 address when Shorewall is started or restarted.

• All routes out of the interface must be configured when Shorewall is started or restarted.

• Default routes out of the interface will result in a warning message and will be ignored.

PROTO - protocol-name-or-number

A protocol name from /etc/protocols or a protocol number.

DEST PORT(S) - port-number/service-name-list

A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form low-port:high-port if your kernel and iptables include port range support.

SOURCE PORT(S) - port-number/service-name-list

A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form low-port:high-port if your kernel and iptables include port range support.

USER/GROUP - [user][:group]

May only be specified if the SOURCE zone is $FW. Specifies the effective user id and or group id of the process sending the traffic.