ipkungfu(8) [debian man page]

ipkungfu(8)						      System Manager's Manual						       ipkungfu(8)

NAME
ipkungfu - An iptables-based firewall for Linux

SYNOPSIS
ipkungfu [ -c ] [ -t ] [ -d ] [ -h ] [ -v ] [ --quiet ] [ --panic ] [ --no-caching ]

DESCRIPTION
ipkungfu is an iptables-based Linux firewall. The primary design goals are security, ease of use, and performance, in that order. It takes advantage of advanced features of iptables, tcpwrappers, and the Linux kernel. It also simplifies the configuration of internet connection sharing, advanced routing, and other networking needs.

OPTIONS
-c (or --check)
    Check whether ipkungfu is loaded, and report any command line options it may have been loaded with.

-t (or --test)
    Runs a configuration test, and displays the results. Note that this does not test or display all configuration options. This gives you an opportunity to verify that major configuration options are correct before putting them into action.

-d (or --disable)
    Disables the firewall. It is important to know exactly what this option does. All traffic is allowed in and out, and in the case of a gateway, all NATed traffic is forwarded (the option retains your connection sharing options). Custom rules are not implemented, and deny_hosts.conf is ignored.

-f (or --flush)
    Disables the firewall COMPLETELY. All rules are flushed, all chains are removed. Any port forwarding or internet connection sharing will cease to work.

-h (or --help)
    Displays brief usage information and exits.

-v (or --version)
    Displays version information and exits.

--quiet
    Runs ipkungfu with no standard output.

--panic
    Drops ALL traffic in all directions on all network interfaces. You should probably never use this option. The --panic option is available for the highly unusual situation where you know that an attack is underway but you know of no other way to stop it.

--failsafe
    If ipkungfu fails, --failsafe will cause all firewall policies to revert to ACCEPT. This is useful when working with ipkungfu remotely, to prevent loss of remote access due to firewall failure.

--no-caching
    Disables rules caching feature.

FILES
/etc/ipkungfu/ipkungfu.conf
/etc/ipkungfu/advanced.conf
/etc/ipkungfu/accept_hosts.conf
/etc/ipkungfu/deny_hosts.conf
/etc/ipkungfu/custom.conf
/etc/ipkungfu/log.conf
/etc/ipkungfu/redirect.conf
/etc/ipkungfu/services.conf
/usr/sbin/ipkungfu
/usr/share/doc/ipkungfu/AUTHORS
/usr/share/doc/ipkungfu/README
/usr/share/doc/ipkungfu/FAQ
/usr/share/doc/ipkungfu/ChangeLog
/usr/share/doc/ipkungfu/COPYING

SEE ALSO
iptables(8).

January 2003								       ipkungfu(8)
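
Because --failsafe reverts every policy to ACCEPT when ipkungfu fails, and -d and -f also leave the host passing all traffic, it is worth confirming which state the filter table actually ended up in after a remote run. The script below is an added example, not part of ipkungfu or of this man page: it classifies the policy and rule lines printed by `iptables -S`. The function names, state labels, sample rulesets and the premise that a loaded firewall keeps at least one built-in policy other than ACCEPT are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of ipkungfu): classify the filter table from
# `iptables -S` output, which prints policies as "-P <CHAIN> <TARGET>".
# Assumption: a loaded firewall leaves at least one built-in policy non-ACCEPT.

# Reads `iptables -S` text on stdin and prints one state label:
#   unknown      the three built-in policy lines were not all present
#   restrictive  at least one built-in policy is not ACCEPT
#   open         all policies ACCEPT, but rules or user chains remain
#   open-empty   all policies ACCEPT and nothing else is loaded
classify_policies() {
    awk '
        $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD" || $2 == "OUTPUT") {
            seen++
            if ($3 == "ACCEPT") accept++
        }
        $1 == "-A" { rules++ }
        $1 == "-N" { chains++ }
        END {
            if (seen != 3)               print "unknown"
            else if (accept < 3)         print "restrictive"
            else if (rules + chains > 0) print "open"
            else                         print "open-empty"
        }'
}

# Monitoring helper: succeeds only when the table is restrictive.
firewall_is_restrictive() {
    [ "$(classify_policies)" = "restrictive" ]
}

# Constructed samples (not real ipkungfu rulesets).
SAMPLE_LOADED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N EXAMPLE_CHAIN
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

SAMPLE_OPEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i eth1 -j ACCEPT'

SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

for s in "$SAMPLE_LOADED" "$SAMPLE_OPEN" "$SAMPLE_EMPTY"; do
    printf '%s\n' "$s" | classify_policies
done
# Live use, as root: iptables -S | firewall_is_restrictive || echo "ALERT: fail-open"
```

An "open" result is consistent with the state -d describes (traffic allowed, forwarding rules retained), and "open-empty" with a full flush or a failsafe reversion; the script cannot tell which command produced it.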

Check Out this Related Man Page

NETSCRIPT-2.2.conf(5)						File Formats Manual					     NETSCRIPT-2.2.conf(5)

NAME
/etc/netscript/network.conf - interface, firewalling, and QoS configuration file.
/etc/netscript/if.conf - interface setup shell script file
/etc/netscript/qos.conf - QoS setup shell script file
/etc/netscript/ipfilter.conf - IP chains filtering shell script file
/etc/netscript/srvfilter.conf - server IP filter shell script file

DESCRIPTION
This manpage is a placeholder until something better is written, once netscript itself has stopped changing rapidly. Please see the README file in the /etc/netscript directory, and READ the configuration files if you need to change them. Apart from network.conf, all of them contain sh(1) shell script functions, which are there so that various things can be altered or hooked in at the right place. network.conf contains the full network setup details, including special interface setup for the likes of ciped/pppd/wanconfig, and is fully commented with examples given.

UPGRADE PATH FROM KERNEL 2.2.X
The firewall/IP filtering in ipfilter.conf is the part that changed radically with the move to iptables and a far better way of setting up the IP filtering rules. The QoS and interface startup/shutdown in if.conf have also changed, but remain backwards compatible with the old 2.2.x ipchains version of netscript for the interface address configuration settings. You will have to set up the filtering again to use iptables by directly using the iptables commands.

Also, the kernel 2.2.x version scripts are set up so that iptables is only run on a 2.4.x kernel; otherwise IP forwarding is disabled if you set IPFWDING_KERNEL to FILTER_ON in network.conf beforehand. This means that when you upgrade a box to a 2.4.x router kernel, you should then be able to reboot it, log into it remotely, and upgrade netscript to the version that will support 2.4.x. In this situation, if you have set the old IPFWDING_KERNEL setting to FILTER_ON beforehand in network.conf, all IP forwarding through the box will also be disabled. This means that you can safely upgrade a firewall remotely.

SEE ALSO
netscript(8), ipchains(8), iproute(8), brcfg(8).

AUTHOR
This manual page was written by Matthew Grant <grantma@anathoth.gen.nz>, for the Debian GNU/Linux system (but may be used by others).

BUGS
The author is lazy. He needs to write better man pages...

November 23, 2000						     NETSCRIPT-2.2.conf(5)