Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

apf(1) [debian man page]

APF(1)							      General Commands Manual							    APF(1)

NAME

       apf - easy iptables based firewall system

SYNOPSIS

       apf

DESCRIPTION

       This  manual page documents briefly the apf command.  This manual page was written for the Debian distribution because the original program
       does not have a manual page.

       Advanced Policy Firewall (APF) is an iptables (netfilter) based firewall system designed around the essential  needs  of  today's  Internet
       deployed  servers  and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative
       and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF  on  a	day-to-day
       basis  is  conducted from the command line with the 'apf' command, which includes detailed usage information and all the features one would
       expect from a current and forward thinking firewall solution.

OPTIONS

       apf follow the usual GNU command line syntax, with long options starting with two dashes (`-').	A summary of options is included below.

       -s|--start
	      load all firewall rules

       -r|--restart
	      stop (flush) & reload firewall rules

       -l|--list
	      list all firewall rules

       -t|--status
	      output firewall status log

       -e|--refresh
	      refresh & resolve dns names in trust rules

       -a <HOST CMT|--allow <HOST COMMENT>
	      add host (IP/FQDN) to allow_hosts.rules and immediately load new rule into firewall

       -d <HOST CMT|--deny <HOST COMMENT>
	      add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall

       -u <HOST>|--remove <HOST>
	      remove host from [glob]*_hosts.rules and immediately remove rule from firewall

       -o|--ovars
	      output all configuration options

COPYRIGHT

       Copyright (C) 1999-2007, R-fx Networks <proj@r-fx.org>
       Copyright (C) 2007, Ryan MacDonald <ryan@r-fx.org> This program may be freely redistributed under the terms of the GNU GPL

       This manual page was written by Giuseppe Iuculano <giuseppe@iuculano.it>, for the Debian project (but may be used by others).

								  August 17, 2008							    APF(1)

Check Out this Related Man Page

ipkungfu(8)						      System Manager's Manual						       ipkungfu(8)

NAME

       ipkungfu - An iptables-based firewall for Linux

SYNOPSIS

       ipkungfu [ -c ] [ -t ] [ -d ] [ -h ] [ -v ] [ --quiet ] [ --panic ] [ --no-caching

DESCRIPTION

       ipkungfu  is an iptables-based Linux firewall. The primary design goals are security, ease of use, and performance, in that order. It takes
       advantage of advanced features of iptables, tcpwrappers, and the Linux kernel. It also simplifies the configuration of internet	connection
       sharing, advanced routing, and other networking needs.

OPTIONS

       -c  (or	--check)
		   Check whether ipkungfu is loaded, and report any command line options it may have been loaded with.

       -t  (or	--test)
		   Runs  a configuration test, and displays the results.  Note that this does not test or display all configuration options.  This
		   gives you an opportunity to verify that major configuration options are correct before putting them into action.

       -d  (or	--disable)
		   Disables the firewall.  It is important to know exactly what this option does.  All traffic is allowed in and out, and  in  the
		   case  of  a gateway, all NATed traffic is forwarded (the option retains your connection sharing options).  Custom rules are not
		   implemented, and deny_hosts.conf is ignored.

       -f  (or	--flush)
		   Disables the firewall COMPLETELY.  All rules are flushed, all chains are removed.  Any port forwarding or  internet	connection
		   sharing will cease to work.

       -h  (or	--help)
		   Displays brief usage information and exits.

       -v  (or	--version)
		   Displays version information and exits.

       --quiet	   Runs ipkungfu with no standard output

       --panic	   Drops  ALL traffic in all directions on all network interfaces.  You should probably never use this option.	The --panic option
		   is available for the highly unusual situation where you know that an attack is underway but you know of no other  way  to  stop
		   it.

       --failsafe  If  ipkungfu fails, --failsafe will cause all firewall policies to revert to ACCEPT.  This is useful when working with ipkungfu
		   remotely, to prevent loss of remote access due to firewall failure.

       --no-caching
		   Disables rules caching feature.

FILES

       /etc/ipkungfu/ipkungfu.conf
       /etc/ipkungfu/advanced.conf
       /etc/ipkungfu/accept_hosts.conf
       /etc/ipkungfu/deny_hosts.conf
       /etc/ipkungfu/custom.conf
       /etc/ipkungfu/log.conf
       /etc/ipkungfu/redirect.conf
       /etc/ipkungfu/services.conf
       /usr/sbin/ipkungfu
       /usr/share/doc/ipkungfu/AUTHORS
       /usr/share/doc/ipkungfu/README
       /usr/share/doc/ipkungfu/FAQ
       /usr/share/doc/ipkungfu/ChangeLog
       /usr/share/doc/ipkungfu/COPYING

SEE ALSO

       iptables(8).

								   January 2003 						       ipkungfu(8)
Man Page