interface[:list of hosts]…

Adds a list of hosts and Formatvine to a frequently used dynamic zone.
With VPN.

The interface argument names the interface
defined in these special shorewall interfaces(5)
(Shorewall6(5) interfaces).
The host list is a comma separated mailing list.
The elements turned out to be hosts or network addresses.


The term for the add command is not very reliable. When
that there are errors in the list of hosts,
You may see many error messages and then another
Team-Specific Shorewall Show Displayed
all kinds added. If so, replace
remove, add and run
order the same again. Then enter the correct command.

Starting with Shorewall 4.5.9, the parameters for the dynamic_shared zone are (shorewall-zones(5),shorewall6-zones(5))
allows one real ipset to handle input for possibly many interfaces.
If the option is specified for a level, adding
team has an alternativeive syntax where it can
The term area comes before
list of hosts.


Re-enables reception of packets previously received from hosts
Delete, log delete, reject, or log reject command.

Address [ Option
… ]

Added in Shorewall 5.0.8 as needed
DYNAMIC_BLACKLIST=ipset .. via Shoewall.conf(5).
Provoke packets from the specified host or network
Address to drop depending on
Set up BLACKLIST in Shorewall.conf(5). in
address along with any
options ends with ipset passed
add order. Perhaps the most useful
Is option timeout?
Solution. For example, to permanently blacklist,
The command should be:

shorewall blacklist timeout 0

As of Shorewall 5.2.5, the above command can be

Shorewall blacklist!

If the disconnect option is specifically specified in
Setting DYNAMIC_BLACKLISTING,This is how VERBOSITY usually works
determines the amount of information displayed:

  • If this effective verbosity is > 0, a message is now displayed
    which will remove the many conntrack channels currently removing the command

  • If the winning verbosity is >1, then conntrack
    the table records deleted by the command are also displayed.

Function call [
parameter … ]

Added in Shorewall 4.6.10. Allows you to assign a function to a call
a specific Shorewall library or even a compiled script. function
should name the called layer function. Some parameters are specified
to actually pass a function.

The function will no doubt be looked up first in
lib.base, lib.common,
lib.cli and therefore lib.cli-std.
Usually, if it’s not found, pass the generated one to the label command.
script to run.

check [-e]
[-d] [-p] [-r]
[-T] [-i]

Not available in Shorewall[6]-lite.

Compiles the configuration as specified.
Directory combined with compiled output rejection
Scenario. If then no directory counts
given that /etc/shorewall is definitely assumed.

The -e option comes from
compiler to look for a file named capacity. This file
invented with the showshorewall-lite command
-f Capabilities > Collaborate on the System
Shorewall Lite installed.