ipkungfu - An iptables-based firewall for Linux
ipkungfu [ -c ] [ -t ] [ -d ] [
-h ] [ -v ] [ --quiet ] [ --panic ] [
--no-caching
ipkungfu is an iptables-based Linux firewall. The primary
design goals are security, ease of use, and performance, in that order. It
takes advantage of advanced features of iptables, tcpwrappers, and the Linux
kernel. It also simplifies the configuration of internet connection sharing,
advanced routing, and other networking needs.
- -c (or --check)
- Check whether ipkungfu is loaded, and report any command line
options it may have been loaded with.
- -t (or --test)
- Runs a configuration test, and displays the results. Note that this does
not test or display all configuration options. This gives you an
opportunity to verify that major configuration options are correct before
putting them into action.
- -d (or --disable)
- Disables the firewall. It is important to know exactly what this option
does. All traffic is allowed in and out, and in the case of a gateway, all
NATed traffic is forwarded (the option retains your connection sharing
options). Custom rules are not implemented, and deny_hosts.conf is
ignored.
- -f (or --flush)
- Disables the firewall COMPLETELY. All rules are flushed, all chains are
removed. Any port forwarding or internet connection sharing will cease to
work.
- -h (or --help)
- Displays brief usage information and exits.
- -v (or --version)
- Displays version information and exits.
- --quiet
- Runs ipkungfu with no standard output
- --panic
- Drops ALL traffic in all directions on all network interfaces. You should
probably never use this option. The --panic option is available for
the highly unusual situation where you know that an attack is underway but
you know of no other way to stop it.
- --failsafe
- If ipkungfu fails, --failsafe will cause all firewall policies to
revert to ACCEPT. This is useful when working with ipkungfu remotely, to
prevent loss of remote access due to firewall failure.
- --no-caching
- Disables rules caching feature.
/etc/ipkungfu/ipkungfu.conf
/etc/ipkungfu/advanced.conf
/etc/ipkungfu/accept_hosts.conf
/etc/ipkungfu/deny_hosts.conf
/etc/ipkungfu/custom.conf
/etc/ipkungfu/log.conf
/etc/ipkungfu/redirect.conf
/etc/ipkungfu/services.conf
/usr/sbin/ipkungfu
/usr/share/doc/ipkungfu/AUTHORS
/usr/share/doc/ipkungfu/README
/usr/share/doc/ipkungfu/FAQ
/usr/share/doc/ipkungfu/ChangeLog
/usr/share/doc/ipkungfu/COPYING