UIF(8) | System Manager's Manual | UIF(8) |
This manual page documents the uif command. It is used to
generate optimized packetfilter rules, using a simple description file
specified by the user. Generated rules are provided in style. uif can be used
to read or write rulesets from or to LDAP servers in your network, which
provides a global storing mechanism. (LDAP support is currently broken; note
that you need to include the uif.schema in your slapd configuration in order
to use it.)

uif provides an easy way to specify rules, without exact knowledge of the
iptables syntax. It provides groups and aliases to make your packetfilter
human readable. Keep in mind that uif is intended to assist you when designing
firewalls, but will not tell you what to filter.

The options are as follows:

Turn on IPv6 mode so as to manipulate ip6tables rules. Default configuration
file is changed to see below. It should be noted that nat rules are silently
ignored if is used.

Specify the base to act on when using LDAP based firewall configuration. uif
will look in the subtree for your rulesets.

This option specifies the configuration file to be read by uif. See for
detailed information on the file format. It defaults to

When reading configuration data from other sources than specified with you
may want to convert this information into a textual configuration file. This
option writes the parsed config back to the file specified by

Clears all firewall rules immediately.

If a special account is needed to bind to the LDAP database, the account dn
can be specified at this point. Note: you should use this when writing an
existing configuration to the LDAP. Reading the configuration may be done
with an anonymous bind.

Prints rules specified in the configuration to stdout. This option is mainly
used for debugging the rule simplifier.

Specifies the name of the ruleset to load from the LDAP database. Remember to
use the option to set the base. Rulesets are stored using the following dn:
where name will be replaced by the ruleset specified.

Specifies the name of the ruleset to write to the LDAP database. This option
can be used to convert e.g. a textual configuration to an LDAP based ruleset.
Like using you have to specify the LDAP base to use. Target is where name
will be replaced by the ruleset specified.

This option specifies the LDAP server to be used.

This option is used to validate the packetfilter configuration without
applying any rules. Mainly used for debugging.

When changing your packetfiltering rules remotely, it is useful to have a
test option. Specify this one to apply your rules for a period of time (in
seconds). After that the original rules will be restored.

When connecting to the LDAP server, you may need to authenticate via
passwords. If you really need to specify a password, use this option,
otherwise use and enter it interactively.

Activate interactive password query for LDAP authentication.

uif is meant to leave the packetfilter rules in a defined state, so if
something went wrong during the initialisation, or uif is aborted by the
user, the rules that were active before starting will be restored.

Normally you will not need to call this binary directly. Use the init script
instead, since it does the most common steps for you.

Configuration files are located in /etc/uif.

uif.conf(5), iptables(8)

This manual page was written by Cajus Pollmeier <pollmeier@gonicus.de> and
Jörg Platte <joerg.platte@gmx.de>, for the Debian GNU/Linux system (but may
be used by others).
February 25th, 2002 |
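
The timed test and the restore-on-failure behaviour described above, sketched as an added example with iptables-save and iptables-restore. This is not uif's own code; the names try_rules, FW_SAVE and FW_RESTORE are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not uif's code: apply a ruleset for a limited time and
# return to the previous rules afterwards, on a failed load, or on abort.
# FW_SAVE / FW_RESTORE (assumed names) dump the active ruleset to stdout and
# load one from stdin; they default to the iptables tools.
FW_SAVE=${FW_SAVE:-iptables-save}
FW_RESTORE=${FW_RESTORE:-iptables-restore}

# try_rules NEW_RULES_FILE SECONDS   (hypothetical helper)
# Exit status: 0 tested and rolled back, 2 new rules rejected (rolled back),
# 3 rollback failed, 64 bad arguments, 130 aborted (rolled back).
try_rules() (
    new_rules=$1
    hold=$2
    # Refuse to touch the firewall unless the arguments are sane.
    [ -r "$new_rules" ] || exit 64
    case $hold in ''|*[!0-9]*) exit 64 ;; esac

    # Snapshot the active rules first; without it there is nothing to restore.
    backup=$(mktemp) || exit 1
    $FW_SAVE > "$backup" || { rm -f "$backup"; exit 1; }

    rollback() {
        if $FW_RESTORE < "$backup"; then
            rm -f "$backup"
        else
            # Keep the snapshot so it can be loaded by hand.
            echo "rollback failed, snapshot kept in $backup" >&2
            return 1
        fi
    }
    # An aborted run must not leave the test rules in place.
    trap 'rollback; exit 130' INT TERM
    # Ignore hangup so a dropped remote session cannot cancel the rollback.
    trap '' HUP

    # A load that fails part-way can leave a mixed ruleset, so roll back.
    if ! $FW_RESTORE < "$new_rules"; then
        rollback || exit 3
        exit 2
    fi

    # Hold the test rules, then return to the snapshot.
    sleep "$hold"
    rollback || exit 3
)
```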