NAME¶
ipkungfu - An iptables-based firewall for Linux
SYNOPSIS¶
ipkungfu [
-c ] [
-t ] [
-d ] [
-h ] [
-v ] [
--quiet ] [
--panic ] [
--no-caching
DESCRIPTION¶
ipkungfu is an iptables-based Linux firewall. The primary design goals
are security, ease of use, and performance, in that order. It takes advantage
of advanced features of iptables, tcpwrappers, and the Linux kernel. It also
simplifies the configuration of internet connection sharing, advanced routing,
and other networking needs.
OPTIONS¶
-
-c (or --check)
- Check whether ipkungfu is loaded, and report any
command line options it may have been loaded with.
-
-t (or --test)
- Runs a configuration test, and displays the results. Note
that this does not test or display all configuration options. This gives
you an opportunity to verify that major configuration options are correct
before putting them into action.
-
-d (or --disable)
- Disables the firewall. It is important to know exactly what
this option does. All traffic is allowed in and out, and in the case of a
gateway, all NATed traffic is forwarded (the option retains your
connection sharing options). Custom rules are not implemented, and
deny_hosts.conf is ignored.
-
-f (or --flush)
- Disables the firewall COMPLETELY. All rules are flushed,
all chains are removed. Any port forwarding or internet connection sharing
will cease to work.
-
-h (or --help)
- Displays brief usage information and exits.
-
-v (or --version)
- Displays version information and exits.
-
--quiet
- Runs ipkungfu with no standard output
-
--panic
- Drops ALL traffic in all directions on all network
interfaces. You should probably never use this option. The --panic
option is available for the highly unusual situation where you know that
an attack is underway but you know of no other way to stop it.
-
--failsafe
- If ipkungfu fails, --failsafe will cause all
firewall policies to revert to ACCEPT. This is useful when working with
ipkungfu remotely, to prevent loss of remote access due to firewall
failure.
-
--no-caching
- Disables rules caching feature.
FILES¶
/etc/ipkungfu/ipkungfu.conf
/etc/ipkungfu/advanced.conf
/etc/ipkungfu/accept_hosts.conf
/etc/ipkungfu/deny_hosts.conf
/etc/ipkungfu/custom.conf
/etc/ipkungfu/log.conf
/etc/ipkungfu/redirect.conf
/etc/ipkungfu/services.conf
/usr/sbin/ipkungfu
/usr/share/doc/ipkungfu/AUTHORS
/usr/share/doc/ipkungfu/README
/usr/share/doc/ipkungfu/FAQ
/usr/share/doc/ipkungfu/ChangeLog
/usr/share/doc/ipkungfu/COPYING
SEE ALSO¶
iptables(8).