.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH NETSCRIPT 8 "January 9, 2014"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
netscript \- netscript network configuration command
.SH SYNOPSIS
.B netscript start|stop|reload|restart
.br
.B netscript ifup|ifdown|ifqos|ifreload
.I |all
.br
.B netscript ipfilter load|clear|fairq|flush|reload|save
.br
.BI netscript\ ipfilter\ usebackup\ [ \ backup-number\ ]
.br
.B netscript ipfilter exec
.I | [chain p1 p2 ...]
.br
.B netscript ip6filter load|clear|fairq|flush|reload|save
.br
.BI netscript\ ip6filter\ usebackup\ [ \ backup-number\ ]
.br
.B netscript ip6filter exec
.I | [chain p1 p2 ...]
.br
.SH DESCRIPTION
This manual page documents briefly the
.B netscript
command from the netscript router/firewall network configuration package.
This command is used to configure/reconfigure the interface configuration, ipchains filter setup, and ip route service (
.B QoS
) setup that are configured in netscript's configuration files.
It can manipulate individual interfaces, and reconfigure the iptables filter contents and firewall setup, or reconfigure the
.B QoS
setup.
It is rather incomplete, as it does not fully describe the finely tuned manipulations that happen due to netscript's design, which enables a Linux box to serve as a high-availability, heavy-duty, mission-critical network router or firewall.
.SH IPTABLES CONFIGURATION
Configuration saving is done by
.BR iptables-save (8)
and
.BR iptables-restore (8).
.SH OPTIONS
.TP
.B start
Set up networking configuration by loading iptables filters, setting up bridge, configuring interfaces and running any configured lower layer protocol daemons or commands. For use from a startup script.
.TP
.B stop
Shut everything down. For use from a startup script.
.TP
.B reload
Refresh the setup of netscript (except for kernel modules) from the configuration files in /etc/netscript
.TP
.B restart|force-reload
Stop everything and then start everything again. For use from a startup script.
.TP
.BI ifup \ |all
Bring interface(s) up by starting any protocol daemons, and configuring interfaces.
.TP
.BI ifdown \ |all
Shut down said interface(s) by doing the reverse of ifup.
.TP
.BI ifqos \ |all
Reload QoS configuration for interface(s).
.TP
.BI ifreload \ |all
Refresh the interface setup and implement any configuration changes.
.TP
.BI ifreset \ |all
Shut down and then restart interface(s), reloading configuration from lower layer up to the network layer.
.TP
.B ipfilter load|reload
Load/reload the IPv4 iptables filters and reconfigure the firewalling, from that saved in
.I /etc/netscript/iptables
(via
.B iptables-restore(8)
), and the QoS fair queuing setup.
.TP
.B ipfilter save
Save the IPv4 iptables configuration to /etc/netscript/iptables via
.B iptables-save(8)
, after backing it up to
.I /etc/netscript/iptables.1
and cycling the previous backup files down through the configuration history.
.TP
.BI ipfilter\ usebackup\ [ \ backup-number\ ]
Restore setup from the IPv4 iptables backup configuration from
.I /etc/netscript/iptables.n
( default 1 ) via
.B iptables-restore(8).
.TP
.B ipfilter clear|flush
Remove iptables and any firewall setup, and if IPV4_FWDING_KERNEL is set to FILTER_ON (see
.B network.conf(5)
), disables all IPv4 packet forwarding on the router. Very useful for debugging protocol problems on a firewall by enabling a reasonably safe check to be made with the filtering down.
.TP
.B ipfilter forward|fwd
Turns on the IPv4 kernel forwarding switch manually. This is irrespective of the setting of IPV4_FWDING_KERNEL (see
.B network.conf(5)
). Use with
.I caution
as it will allow traffic through the box.
.TP
.B ipfilter noforward|nofwd
Turns off the IPv4 kernel forwarding switch manually. This is irrespective of the setting of IPV4_FWDING_KERNEL (see
.B network.conf(5)
). Use with
.I caution
as it will cut off reachability.
.TP
.B ipfilter fairq
Reload the IPv4
.I fairq
chain that marks the packets for the
.B QoS
interface transmit queues.
.TP
.B ip6filter load|reload
Load/reload the IPv6 iptables filters and reconfigure the firewalling, from that saved in
.I /etc/netscript/ip6tables
(via
.B ip6tables-restore(8)
), and the QoS fair queuing setup.
.TP
.B ip6filter save
Save the IPv6 iptables configuration to /etc/netscript/iptables via
.B ip6tables-save(8)
, after backing it up to
.I /etc/netscript/ip6tables.1
and cycling the previous backup files down through the configuration history.
.TP
.BI ip6filter\ usebackup\ [ \ backup-number\ ]
Restore setup from the IPv6 iptables backup configuration from
.I /etc/netscript/ip6tables.n
( default 1 ) via
.B ip6tables-restore(8).
.TP
.B ip6filter clear|flush
Remove IPv6 iptables setup, and if IPV6_FWDING_KERNEL is set to FILTER_ON (see
.B network.conf(5)
), disables all IPv6 packet forwarding on the router. Very useful for debugging protocol problems on a firewall by enabling a reasonably safe check to be made with the filtering down.
.TP
.B ip6filter forward|fwd
Turns on the IPv6 kernel forwarding switch manually. This is irrespective of the setting of IPV6_FWDING_KERNEL (see
.B network.conf(5)
). Use with
.I caution
as it will allow traffic through the box.
.TP
.B ip6filter noforward|nofwd
Turns off the IPv6 kernel forwarding switch manually. This is irrespective of the setting of IPV6_FWDING_KERNEL (see
.B network.conf(5)
). Use with
.I caution
as it will affect reachability.
.TP
.B ip6filter fairq
Reload the IPv6
.I fairq
chain that marks the packets for the
.B QoS
interface transmit queues.
.SH FILES
.I /etc/netscript/if.conf, /etc/netscript/ipfilter.conf,
.br
.I /etc/netscript/network.conf, /etc/netscript/qos.conf,
.br
.I /etc/netscript/iptables, /etc/netscript/ip6tables,
.br
.SH SEE ALSO
.BR if.conf (5),
.BR ipfilter.conf (5),
.BR network.conf (5),
.BR qos.conf (5),
.BR ip (8),
.BR tc (8),
.BR iptables (8),
.BR iptables-restore (8),
.BR iptables-save (8),
.BR ip6tables (8),
.BR ip6tables-restore (8),
.BR ip6tables-save (8),
.BR brcfg (8).
.br
.SH AUTHOR
This manual page was written by Matthew Grant,
for the Debian GNU/Linux system (but may be used by others).
.SH BUGS
I wrote this manpage when I was half asleep...
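.SH EXAMPLES
The cautions on ipfilter clear|flush and ipfilter forward|fwd concern one unsafe combination: the kernel forwarding switch on while the filter table's FORWARD chain is empty with an ACCEPT policy.
The shell function below is an added example, not part of netscript, that classifies that state from an iptables-save(8) dump; the names forward_state, sample_flushed and sample_loaded and the three state labels are assumptions, and the sample dumps are constructed.
.nf

```sh
#!/bin/sh
# Added example, not part of netscript. Reads an iptables-save(8) dump on
# stdin and takes the kernel forwarding switch value (0 or 1) as $1.
# Prints one of: isolated | exposed | filtered
forward_state() {
    fwd=$1
    # Track the current table; record FORWARD policy and rule count in "filter".
    summary=$(awk '
        substr($0, 1, 1) == "*"               { table = substr($0, 2) }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" { rules++ }
        END {
            # A missing filter table means the kernel default policy: ACCEPT.
            if (policy == "") policy = "ACCEPT"
            print policy, rules + 0
        }')
    policy=${summary% *}
    rules=${summary#* }
    if [ "$fwd" = "0" ]; then
        echo isolated     # forwarding off: nothing transits the box
    elif [ "$policy" = "ACCEPT" ] && [ "$rules" -eq 0 ]; then
        echo exposed      # forwarding on with an empty, ACCEPT FORWARD chain
    else
        echo filtered     # coarse: some FORWARD policy or rules are in place
    fi
}

# Constructed sample dumps, not captured from a real router.
sample_flushed() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_loaded() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# On a live router (run as root):
#   iptables-save | forward_state "$(cat /proc/sys/net/ipv4/ip_forward)"
```

.fi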