Macros and actions in Shorewall 3.0

With Shorewall 2.x (the last of which was Shorewall 2.4), “actions” were provided to automatically create rules for common protocols, such as ping and SSH. For example, you could write in /etc/shorewall/rules: AllowPing net fw AllowSSH net fw These two rules would allow both ping and SSH from the zone net (typically, the Internet) to the zone fw (your firewall).

In Shorewall 3.x, this has changed somewhat. If you were using the various “Allow” actions before, they are no longer available. They’ve been replaced with something called “macros.” Available macros are in listed in /usr/share/shorewall/. You’d write the above now as: Ping/ACCEPT net fw SSH/ACCEPT net fw


Like this article? Please support my writing! Flattr my blog (see my thoughts on Flattr), tip me via PayPal, or send me an item from my Amazon wish list.