ipf.8 (31183) | ipf.8 (34739) |
---|---|
1.TH IPF 8 2.SH NAME 3ipf \- alters packet filtering lists for IP packet input and output 4.SH SYNOPSIS 5.B ipf 6[ 7.B \-AdDEInorsUvyzZ 8] [ 9.B \-l 10<block|pass|nomatch> 11] [ 12.B \-F | 1.TH IPF 8 2.SH NAME 3ipf \- alters packet filtering lists for IP packet input and output 4.SH SYNOPSIS 5.B ipf 6[ 7.B \-AdDEInorsUvyzZ 8] [ 9.B \-l 10<block|pass|nomatch> 11] [ 12.B \-F |
13 | 13<i|o|a|s|S> |
14] 15.B \-f 16<\fIfilename\fP> 17[ 18.B \-f 19<\fIfilename\fP> 20[...]] 21.SH DESCRIPTION --- 16 unchanged lines hidden (view full) --- 38it processes each one. 39.TP 40.B \-D 41Disable the filter (if enabled). Not effective for loadable kernel versions. 42.TP 43.B \-E 44Enable the filter (if disabled). Not effective for loadable kernel versions. 45.TP | 14] 15.B \-f 16<\fIfilename\fP> 17[ 18.B \-f 19<\fIfilename\fP> 20[...]] 21.SH DESCRIPTION --- 16 unchanged lines hidden (view full) --- 38it processes each one. 39.TP 40.B \-D 41Disable the filter (if enabled). Not effective for loadable kernel versions. 42.TP 43.B \-E 44Enable the filter (if disabled). Not effective for loadable kernel versions. 45.TP |
46.BR \-F \0<param> | 46.BR \-F \0<i|o|a> |
47This option specifies which filter list to flush. The parameter should 48either be "i" (input), "o" (output) or "a" (remove all filter rules). 49Either a single letter or an entire word starting with the appropriate 50letter maybe used. This option maybe before, or after, any other with 51the order on the command line being that used to execute options. 52.TP | 47This option specifies which filter list to flush. The parameter should 48either be "i" (input), "o" (output) or "a" (remove all filter rules). 49Either a single letter or an entire word starting with the appropriate 50letter maybe used. This option maybe before, or after, any other with 51the order on the command line being that used to execute options. 52.TP |
53.BR \-F \0<s|S> 54To flush entries from the state table, the \fB-F\fP option is used in 55conjuction with either "s" (removes state information about any non-fully 56established connections) or "S" (deletes the entire state table). Only 57one of the two options may be given. A fully established connection 58will show up in \fBipfstat -s\fP output as 4/4, with deviations either 59way indicating it is not fully established any more. 60.TP |
|
53.BR \-f \0<filename> 54This option specifies which files 55\fBipf\fP should use to get input from for modifying the packet filter rule 56lists. 57.TP 58.B \-I 59Set the list to make changes to the inactive list. 60.TP --- 33 unchanged lines hidden (view full) --- 94For each rule in the input file, reset the statistics for it to zero and 95display the statistics prior to them being zero'd. 96.TP 97.B \-Z 98Zero global statistics held in the kernel for filtering only (this doesn't 99affect fragment or state statistics). 100.DT 101.SH SEE ALSO | 61.BR \-f \0<filename> 62This option specifies which files 63\fBipf\fP should use to get input from for modifying the packet filter rule 64lists. 65.TP 66.B \-I 67Set the list to make changes to the inactive list. 68.TP --- 33 unchanged lines hidden (view full) --- 102For each rule in the input file, reset the statistics for it to zero and 103display the statistics prior to them being zero'd. 104.TP 105.B \-Z 106Zero global statistics held in the kernel for filtering only (this doesn't 107affect fragment or state statistics). 108.DT 109.SH SEE ALSO |
102ipfstat(1), ipftest(1), ipf(5), mkfilters(1) | 110ipfstat(8), ipftest(1), ipf(5), mkfilters(1) |
103.SH DIAGNOSTICS 104.PP 105Needs to be run as root for the packet filtering lists to actually 106be affected inside the kernel. 107.SH BUGS 108.PP 109If you find any, please send email to me at darrenr@cyber.com.au | 111.SH DIAGNOSTICS 112.PP 113Needs to be run as root for the packet filtering lists to actually 114be affected inside the kernel. 115.SH BUGS 116.PP 117If you find any, please send email to me at darrenr@cyber.com.au |