
IPFWADM



NAME

ipfwadm - IP firewall and accounting administration

SYNOPSIS

ipfwadm -A command parameters [options]

ipfwadm -I command parameters [options]

ipfwadm -O command parameters [options]

ipfwadm -F command parameters [options]

ipfwadm -M [ -l | -s ] [options]

NOTE

Please note that this is just a wrapper in ipchains(8) for old-fashioned users and for old scripts.

DESCRIPTION

Ipfwadm is used to set up, maintain, and inspect the IP firewall and accounting rules in the Linux kernel. These rules can be divided into 4 different categories: accounting of IP packets, the IP input firewall, the IP output firewall, and the IP forwarding firewall. For each of these categories, a separate list of rules is maintained. See ipfw(4) for more details.

OPTIONS

The options that are recognized by ipfwadm can be divided into several different groups.

CATEGORIES

The following flags are used to select the category of rules to which the given command applies:

-A [direction]

IP accounting rules. Optionally, a direction can be specified (in, out, or both), indicating whether only incoming or outgoing packets should be counted. The default direction is both.

-I

IP input firewall rules.

-O

IP output firewall rules.

-F

IP forwarding firewall rules.

-M

IP masquerading administration. This category can only be used in combination with the -l (list) or -s (set timeout values) command.

Exactly one of these options has to be specified.

COMMANDS

The next options specify the specific action to perform. Only one of them can be specified on the command line, unless something else is listed in the description.

-a [policy]

Append one or more rules to the end of the selected list. For the accounting chain, no policy should be specified. For firewall chains, it is required to specify one of the following policies: accept, deny, reject, or masquerade. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

-i [policy]

Insert one or more rules at the beginning of the selected list. See the description of the -a command for more details.

-d [policy]

Delete one or more entries from the selected list of rules. The semantics are equal to those of the append/insert commands. The specified parameters should exactly match the parameters given with an append or insert command, otherwise no match will be found and the rule will not be removed from the list. Only the first matching rule in the list will be deleted.

-l

List all the rules in the selected list. This command may be combined with the -z (reset counters to zero) command. In that case, the packet and byte counters will be reset immediately after listing their current values. Unless the -x option is present, packet and byte counters (if listed) will be shown as numberK or numberM, where 1K means 1000 and 1M means 1000K (rounded to the nearest integer value). See also the -e and -x flags for more capabilities.

-z

Reset the packet and byte counters of all the rules in the selected list. This command may be combined with the -l (list) command.

-f

Flush the selected list of rules.

-p policy

Change the default policy for the selected type of firewall. The given policy has to be one of accept, deny, reject, or masquerade. The default policy is used when no matching rule is found. This operation is only valid for IP firewalls, that is, in combination with the -I, -O, or -F flag.

-s tcp tcpfin udp

Change the timeout values used for masquerading. This command always takes 3 parameters, representing the timeout values (in seconds) for TCP sessions, TCP sessions after receiving a FIN packet, and UDP packets, respectively. A timeout value 0 means that the current timeout value of the corresponding entry is preserved. This operation is only allowed in combination with the -M flag.

-c

Check whether this IP packet would be accepted, denied, or rejected by the selected type of firewall. This operation is only valid for IP firewalls, that is, in combination with the -I, -O, or -F flag.

-h

Help. Give a (currently very brief) description of the command syntax.
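
When auditing old firewall scripts, the category and command constraints described above can be checked mechanically. The following is an added example, not part of ipfwadm or of this manual page: a small Python linter whose function name (lint), messages, and sample command lines are constructed for illustration.

```python
import shlex

CATEGORIES = ("-A", "-I", "-O", "-F", "-M")
FIREWALLS = ("-I", "-O", "-F")
COMMANDS = ("-a", "-i", "-d", "-l", "-z", "-f", "-p", "-s", "-c", "-h")
POLICIES = ("accept", "deny", "reject", "masquerade")

def lint(line):
    """Return the documented constraints that one ipfwadm command line breaks."""
    argv = shlex.split(line)[1:]                      # drop the program name
    def after(flag, n=1):                             # the n tokens following flag
        return argv[argv.index(flag) + 1:][:n]
    cats = [a for a in argv if a in CATEGORIES]
    cmds = [a for a in argv if a in COMMANDS]
    if "-h" in cmds:                                  # help needs nothing else
        return []
    if len(cats) != 1:
        return ["exactly one of -A, -I, -O, -F, -M must be given"]
    cat, cmd, errs = cats[0], (cmds or [""])[0], []
    if len(cmds) > 1 and set(cmds) != {"-l", "-z"}:
        errs.append("only -l and -z may be combined")
    if cat == "-A":
        d = after("-A")                               # optional direction
        if d and not d[0].startswith("-") and d[0] not in ("in", "out", "both"):
            errs.append("direction must be in, out or both")
    if cat == "-M" and cmd not in ("-l", "-s"):
        errs.append("-M only works with -l or -s")
    if cmd in ("-a", "-i", "-d"):
        has_policy = any(t in POLICIES for t in after(cmd))
        if cat == "-A" and has_policy:
            errs.append("accounting rules take no policy")
        if cat in FIREWALLS and not has_policy:
            errs.append(cmd + " on a firewall chain needs a policy")
    if cmd in ("-p", "-c") and cat not in FIREWALLS:
        errs.append(cmd + " is only valid with -I, -O or -F")
    if cmd == "-p" and not any(t in POLICIES for t in after("-p")):
        errs.append("-p needs accept, deny, reject or masquerade")
    if cmd == "-s" and cat != "-M":
        errs.append("-s is only allowed with -M")
    if cmd == "-s" and sum(t.isdigit() for t in after("-s", 3)) != 3:
        errs.append("-s takes three timeouts in seconds: tcp tcpfin udp")
    return errs

if __name__ == "__main__":
    # Constructed sample lines, as they might appear in an old firewall script.
    for sample in ("ipfwadm -I -p deny", "ipfwadm -I -a -P tcp -S 10.0.0.0/8",
                   "ipfwadm -M -f", "ipfwadm -F -l -z"):
        print(sample, "->", lint(sample) or "ok")
```
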

PARAMETERS

The following parameters can be used in combination with the append, insert, delete, or check commands:

-P protocol

The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all. Protocol all will match with all protocols and is taken as default when this option is omitted. All may not be used in combination with the check command.

-S address[/mask]
