NAME

netscript - netscript network configuration command

SYNOPSIS

DESCRIPTION

This manual page documents briefly the netscript command from the netscript router/firewall network configuration package.

This command is used to configure/reconfigure the iptables filter setup, that are configured in netscript's configuration files.

IPTABLES CONFIGURATION

Configuration saving is done by iptables-save(8) and iptables-restore(8).

OPTIONS

start: Set up networking configruation by loading ipcahins filters, setting up bridge, configuring interfaces and running any configured lower layer protocol daemons or commands. For use from a startup script.
stop: Shut everything down. For use from a startup script.
reload: Refresh the setup of netscript from the configuration files in /etc/netscript
restart|force-reload: Stop everthing and then start everything again. For use from a startup script.
ipfilter load|reload: Load/reload the IPv4 iptables filters and reconfigure the firewalling, from that saved in /etc/netscript/iptables (via iptables-restore(8) ), and the QoS fair queuing setup.
ipfilter save: Save the IPv4 iptables configuration to /etc/netscript/iptables via iptables-save(8) , after backing it up to /etc/netscript/iptables.1 and cycling the previous backup files down through the configuration history.
ipfilter usebackup [ backup-number ]: Restore setup from the IPv4 iptables backup configuration from /etc/netscript/iptables.n ( default 1 ) via iptables-restore(8).
ipfilter clear|flush: Remove iptables and any firewall setup, and if IPV4_FWDING_KERNEL is set to FILTER_ON (see network.conf(5) ), disables all IPv4 packet forwarding on the router. Very useful for debugging protocol problems on a firewall by enabling a reasonably safe check to be made with the filtering down.
ipfilter forward|fwd: Turns on the IPv4 kernel forwarding switch manually. This is irrespective of the setting of IPV4_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will allow traffic through the box.
ipfilter noforward|nofwd: Turns off the IPv4 kernel forwarding switch manually. This is irrespective of the setting of IPV4_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will cut off reachability.
ipfilter fairq: Reload the IPv4 fairq chain that marks the packets for the QoS interface transmit queues.
ip6filter load|reload: Load/reload the IPv6 iptables filters and reconfigure the firewalling, from that saved in /etc/netscript/ip6tables
(via ip6tables-restore(8) ), and the QoS fair queuing setup.
ip6filter save: Save the IPv6 iptables configuration to /etc/netscript/iptables via ip6tables-save(8) , after backing it up to /etc/netscript/ip6tables.1 and cycling the previous backup files down through the configuration history.
ip6filter usebackup [ backup-number ]: Restore setup from the IPv6 iptables backup configuration from /etc/netscript/ip6tables.n ( default 1 ) via ip6tables-restore(8).
ip6filter clear|flush: Remove IPv6 iptables setup, and if IPV6_FWDING_KERNEL is set to FILTER_ON (see network.conf(5) ), disables all IPv6 packet forwarding on the router. Very useful for debugging protocol problems on a firewall by enabling a reasonably safe check to be made with the filtering down.
ip6filter forward|fwd: Turns on the IPv6 kernel forwarding switch manually. This is irrespective of the setting of IPV6_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will allow traffic through the box.
ip6filter noforward|nofwd: Turns off the IPv6 kernel forwarding switch manually. This is irrespective of the setting of IPV6_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will affect reachability.
ip6filter fairq: Reload the IPv6 fairq chain that marks the packets for the QoS interface transmit queues.

FILES

/etc/netscript/ipfilter.conf, /etc/netscript/network.conf,
/etc/netscript/iptables, /etc/netscript/ip6tables,

AUTHOR

This manual page was written by Matthew Grant <matt@mattgrant.net.nz>, for the Debian GNU/Linux system (but may be used by others).

BUGS

I wrote this manpage when I was half asleep...

January 24, 2014