NAME

fwctl - Program to configure the Linux kernel firewall.

SYNOPSIS

fwctl [--aliases file] [--interfaces file] [--rules file] [--services-dir dir]+ [--accounting-file file] [--copy | --nocopy] [--mark mark] [--log | --nolog] [--default ACCEPT|REJECT|DENY] (start|stop|flush|restart|dump-acct|check|dump-config)

DESCRIPTION

fwctl configures the Linux kernel firewall using the Fwctl module.

COMMAND

start

Reset the firewall and configure it using the Fwctl module according to the rules in the rules file.

stop

Reset the firewall and allow only loopback IP traffic.

flush

Remove all chains and rules.

restart

Does the same thing as a start since start already resets the firewall.

check

Parses the configuration files to see if there are any problems with them.

dump-acct

Dump the byte counters associated with accounting rules to the accounting log file. The counters are reset to zero by this operation.

Note that the accounting rules are dumped before the firewall is reset, so there is no need to use this command before a start or stop.

dump-config

Intended for debugging. The configuration files are parsed and the configuration object is printed on STDOUT using Data::Dumper.

OPTIONS

aliases

Specifies the path to the aliases file. Default is /etc/fwctl/aliases.

interfaces

Specifies the path to the interfaces file. Default is /etc/fwctl/interfaces.

rules

Specifies the path to the rules file. Default is /etc/fwctl/rules.

services-dir

Sets the search path for service modules. The default is to look in PERLPATH and /etc/fwctl/services/. Using this option removes the last directory from the search path and adds the directory specified as the option's argument. Note that the default Perl module paths are always searched.

This option may be specified multiple times.

accounting-file

Specifies the path to the accounting file. Default is /var/log/fwctl_acct.

[no]log

Determines the default logging policy for the firewall. The default is to log all packets which don't explicitly match any rule.

[no]copy

Determines the default copy policy for the firewall. The default is to mark for copy to user space all packets which don't explicitly match any rule.

mark

If this option is set, all packets which don't explicitly match a rule will be marked with the specified mark.

policy

This sets the default policy for unknown packets. Default is DENY, can be one of ACCEPT, REJECT or DENY.
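
A validate-then-load wrapper built from the check and start commands and the file options above. This is an added example, not part of fwctl: it assumes that "fwctl check" exits non-zero when it finds a problem (the page does not state exit codes), and FWCTL, apply_fwctl_config and the candidate directory layout are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of fwctl. Validate a candidate configuration with
# "fwctl check" and only then load it with "fwctl start".
# Assumption: "fwctl check" exits non-zero when it finds a problem.
# FWCTL and the candidate directory layout are hypothetical names.

FWCTL="${FWCTL:-fwctl}"

# apply_fwctl_config DIR
#   DIR holds candidate "aliases", "interfaces" and "rules" files.
#   Returns 0 if loaded, 1 if a file is missing, 2 if check failed,
#   3 if start failed.
apply_fwctl_config() {
    dir=$1
    for f in aliases interfaces rules; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f" >&2
            return 1
        fi
    done

    # Same file options for both commands, so what is checked is what is loaded.
    set -- --aliases "$dir/aliases" --interfaces "$dir/interfaces" \
           --rules "$dir/rules"

    # "start" resets the firewall first, so never reach it with a bad config.
    if ! "$FWCTL" "$@" check; then
        echo "check failed; running firewall left untouched" >&2
        return 2
    fi

    # Explicit fail-closed defaults: deny and log packets that match no rule.
    if ! "$FWCTL" "$@" --default DENY --log start; then
        echo "start failed; inspect the firewall state" >&2
        return 3
    fi
    return 0
}
```

Call it as apply_fwctl_config /path/to/candidate-dir from a deployment script and act on the return code.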

AUTHOR

Francis J. Lacoste <francis.lacoste@iNsu.COM>

COPYRIGHT

Copyright (c) 1999, 2000 iNsu Innovations Inc. All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

SEE ALSO

Fwctl(3), Fwctl::RuleSet(3).