Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

apf(1) [debian man page]

APF(1)							      General Commands Manual							    APF(1)

apf - easy iptables based firewall system SYNOPSIS
This manual page documents briefly the apf command. This manual page was written for the Debian distribution because the original program does not have a manual page. Advanced Policy Firewall (APF) is an iptables (netfilter) based firewall system designed around the essential needs of today's Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the 'apf' command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution. OPTIONS
apf follow the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below. -s|--start load all firewall rules -r|--restart stop (flush) & reload firewall rules -l|--list list all firewall rules -t|--status output firewall status log -e|--refresh refresh & resolve dns names in trust rules -a <HOST CMT|--allow <HOST COMMENT> add host (IP/FQDN) to allow_hosts.rules and immediately load new rule into firewall -d <HOST CMT|--deny <HOST COMMENT> add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall -u <HOST>|--remove <HOST> remove host from [glob]*_hosts.rules and immediately remove rule from firewall -o|--ovars output all configuration options COPYRIGHT
Copyright (C) 1999-2007, R-fx Networks <> Copyright (C) 2007, Ryan MacDonald <> This program may be freely redistributed under the terms of the GNU GPL This manual page was written by Giuseppe Iuculano <>, for the Debian project (but may be used by others). August 17, 2008 APF(1)

Check Out this Related Man Page

fwb_ipt(1)							 Firewall Builder							fwb_ipt(1)

fwb_ipt - Policy compiler for iptables SYNOPSIS
fwb_ipt -fdata_file.xml [-4] [-6] [-V] [-dwdir] [-i] [-ooutput.fw] [-Ofw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]] [-v] [-xc] [-xnN] [-xpN] [-xt] object_name DESCRIPTION
fwb_ipt is a firewall policy compiler component of Firewall Builder (see fwbuilder(1)). Compiler reads objects definitions and firewall description from the data file specified with "-f" option and generates resultant iptables script. The script is written to the file with the name the same as the name of the firewall object, plus extension ".fw". The data file and the name of the firewall objects must be specified on the command line. Other command line parameters are optional. OPTIONS
-4 Generate iptables script for IPv4 part of the policy. If any rules of the firewall refer to IPv6 addresses, compiler will skip these rules. Options "-4" and "-6" are exclusive. If neither option is used, compiler tries to generate both parts of the script, although generation of the IPv6 part is controlled by the option "Enable IPv6 support" in the "IPv6" tab of the firewall object advanced settings dialog. This option is off by default. -6 Generate iptables script for IPv6 part of the policy. If any rules of the firewall refer to IPv6 addresses, compiler will skip these rules. -f FILE Specify the name of the data file to be processed. -o output.fw Specify output file name -O fw1_id,fw1_output.fw[,fw2_id,fw2_output.fw] The argument is a comma separated list of firewall object IDs and corresponding output file names. This option is used by fwbuilder GUI while compiling firewall clusters. -d wdir Specify working directory. Compiler creates file with iptables script in this directory. If this parameter is missing, then ipta- bles script will be placed in the current working directory. -v Be verbose: compiler prints diagnostic messages when it works. -V Print version number and quit. -i When this option is present, the last argument on the command line is supposed to be firewall object ID rather than its name -xc When output file name is determined automatically (i.e. flags -o or -O are not present), the file name is composed of the cluster name and member firewall name rather than just member firewall name. This is used mostly for testing when the same member firewall object can be a part of different clusters with different configurations. -xt This flag makes compiler treat all fatal errors as warnings and continue processing rules. Generated configuration script most likely will be incorrect but will include error message as a comment; this flag is used for testing and debugging. -xp N Debugging flag: this causes compiler to print detailed description of the policy rule number "N" as it precesses it, step by step. -xn N Debugging flag: this causes compiler to print detailed description of the NAT rule number "N" as it precesses it, step by step. URL
Firewall Builder home page is located at the following URL: BUGS
Please report bugs using bug tracking system on SourceForge: SEE ALSO
fwbuilder(1), fwb_ipf(1), fwb_pf(1) FWB
Man Page