129
129
# To help insure that all packets in the NEW state are logged,
130
# rate limiting (LOGBURST and LOGRATE) should be disabled when
131
# using LOGALLNEW. Use LOGALLNEW at your own risk; it may
132
# cause high CPU and disk utilization and you may not be able
133
# to control your firewall after you enable this option.
130
# rate limiting (LOGLIMIT or deprecated options LOGBURST and
131
# LOGRATE) should be disabled when using LOGALLNEW. Use
132
# LOGALLNEW at your own risk; it may cause high CPU and disk
133
# utilization and you may not be able to control your firewall
134
# after you enable this option.
137
138
# Do not use this option if the resulting log messages will be
138
139
# sent to another system.
144
141
LOGFILE=/var/log/messages
146
143
# LOGFILE=[pathname]
188
185
# If burst is not specified, then a value of 5 is assumed.
192
# LOGRATE=[rate/{minute|second}]
193
# As of Shorewall 4.4.12, these parameters are deprecated.
195
# These parameters set the match rate and initial burst
196
# size for logged packets. Please see ip6tables(8) for a
197
# description of the behavior of these parameters (the
198
# ip6tables option --limit is set by LOGRATE and
199
# --limit-burst is set by LOGBURST). If both parameters
200
# are set empty, no rate-limiting will occur. If you
201
# supply one of these, then you should also supply the
209
# For each logging rule, the first time the rule is
210
# reached, the packet will be logged; in fact, since the
211
# burst is 5, the first five packets will be logged. After
212
# this, it will be 6 seconds (1 minute divided by the rate
213
# of 10) before a message will be logged from the rule,
214
# regardless of how many packets reach it. Also, every 6
215
# seconds, one of the bursts will be regained; if no
216
# packets hit the rule for 30 seconds, the burst will be
217
# fully recharged; back where we started.
221
189
# LOGTAGONLY=[Yes|No]
670
638
# copied into the compiled script. When set to No or not
671
639
# set, the compiled script reads the file itself.
675
# EXPORTPARAMS={Yes|No} (Deprecated beginning with Shorewall
677
# Beginning with Shorewall 4.4.17, the variables set in
678
# the 'params' file at compile time are available at run
679
# time with EXPORTPARAMS=No. As a consequence, beginning
680
# with that version the recommended setting is
683
# It is quite difficult to code a 'params' file that
684
# assigns other than constant values such that it works
685
# correctly with Shorewall6 Lite. The EXPORTPARAMS option
686
# works around this problem. When EXPORTPARAMS=No, the
687
# 'params' file is not copied to the compiler output.
689
# With EXPORTPARAMS=No, if you need to set environmental
690
# variables on the firewall system for use by your
691
# extension scripts, then do so in the init extension
694
# The default is EXPORTPARAMS=Yes which is the recommended
695
# setting unless you are running Shorewall6 Lite.
699
643
# FASTACCEPT={Yes|No}