This manual page documents the command. It is used to generate optimized packetfilter rules, using a simple description file specified by the user. Generated rules are provided in style. can be used to read or write rulesets from or to LDAP servers in your network, which provides a global storing mechanism. (LDAP support is currently broken, note that you need to include the uif.schema to your slapd configuration in order to use it.) provides an easy way to specify rules, without exact knowledge of the iptables syntax. It provides groups and aliases to make your packetfilter human readable. Keep in mind that is intended to assist you when designing firewalls, but will not tell you what to filter. The options are as follows: Turn on IPv6 mode so as to manipulate ip6tables rules. Default configuration file is changed to see below. It should be noted that nat rules are silently ignored if is used. Specify the base to act on when using LDAP based firewall configuration. will look in the subtree for your rulesets. This option specifies the configuration file to be read by See for detailed information on the fileformat. It defaults to When reading configuration data from other sources than specified with you may want to convert this information into a textual configuration file. This options writes the parsed config back to the file specified by Clears all firewall rules immediatly. If a special account is needed to bind to the LDAP database, the account dn can be specified at this point. Note: you should use this when writing an existing configuration to the LDAP. Reading the configuration may be done with an anonymous bind. Prints rules specified in the configuration to stdout. This option is mainly used for debugging the rule simplifier. Specifies the name of the ruleset to load from the LDAP database. Remember to use the option to set the base. Rulesets are stored using the following dn: where name will be replaced by the ruleset specified. Specifies the name of the ruleset to write to the LDAP database. This option can be used to convert i.e. a textual configuration to a LDAP based ruleset. Like using you've to specify the LDAP base to use. Target is where name will be replaced by the ruleset specified. This option specified the LDAP server to be used. This option is used to validate the packetfilter configuration without applying any rules. Mainly used for debugging. When changing your packetfiltering rules remotely, it is useful to have a test option. Specify this one to apply your rules for a period of time (in seconds). After that the original rules will be restored. When connecting to the LDAP server, you may need to authenticate via passwords. If you really need to specify a password, use this option, otherwise use and enter it interactivly. Activate interactive password query for LDAP authentication. is meant to leave the packetfilter rules in a defined state, so if something went wrong during the initialisation, or is aborted by the user, the rules that were active before starting will be restored. Normally you will not need to call this binary directly. Use the init script instead, since it does the most common steps for you. Configuration files are located in /etc/uif. uif.conf(5) iptables(8) This manual page was written by Cajus Pollmeier <pollmeier@gonicus.de> and Jörg Platte <joerg.platte@gmx.de>, for the Debian GNU/Linux system (but may be used by others).