NAME¶
/etc/netscript/network.conf - interface, firewalling, and QoS configuration
file.
/etc/netscript/if.conf - interface setup shell script file
/etc/netscript/qos.conf - QoS setup shell script file
/etc/netscript/ipfilter.conf - IP chains filtering shell script file
/etc/netscript/srvfilter.conf - server IP filter shell script file
DESCRIPTION¶
This manpage is a place holder until something better is written when the
netscript itself has stopped changing rapidly.
Please see the README file in the /etc/netscript directory, and READ the
configuration files if you need to change them. Apart from network.conf, all
of them contain
sh (1) shell script functions which are there so that
various things can be altered or hooked in at the right place. Network.conf
contains the full network setup details, including special interface setup for
the likes of ciped/pppd/wanconfig, and is fully commented with examples given.
UPGRADE PATH FROM KERNEL 2.2.X¶
The firewall/IP filtering stuff in ipfilter.conf is the part that changed
radically with the move to iptables and a far better way of setting up the IP
filtering rules, however the QoS and interface startup/shutdown in if.conf
have changed but are backwards compatible with the old 2.2.x ipchains version
of netscript for the interface address configuration settings. You will have
to set up the filtering again to use iptables by directly using the iptables
commands.
Also, the kernel 2.2.x version scripts are set up so that iptables is only run
on a 2.4.x kernel, otherwise IP forwarding is disabled if beforehand you set
IPFWDING_KERNEL to FILTER_ON in network.conf.
This means that when you upgrade a box to a 2.4.x router kernel, you should then
be able to reboot it and log into remotely and upgrade netscript to the
version that will support 2.4.x. In this situation, if you have set old
IPFWDING_KERNEL setting to FILTER_ON beforehand in network.conf, all IP
forwarding through the box will also be disabled. This means that you can
safely remotely upgrade a firewall.
SEE ALSO¶
netscript(8),
ipchains(8),
iproute(8),
brcfg(8).
AUTHOR¶
This manual page was written by Matthew Grant <grantma@anathoth.gen.nz>,
for the Debian GNU/Linux system (but may be used by others).
BUGS¶
The author is lazy. He needs to write btter man pages...