ipkungfu - An iptables-based firewall for Linux
ipkungfu [ -c ] [ -t ] [ -d ] [ -h ] [ -v ] [ --quiet ] [ --panic ] [
ipkungfu is an iptables-based Linux firewall. The primary design goals
are security, ease of use, and performance, in that order. It takes
advantage of advanced features of iptables, tcpwrappers, and the Linux
kernel. It also simplifies the configuration of internet connection
sharing, advanced routing, and other networking needs.
-c (or --check)
Checks whether ipkungfu is loaded, and reports any command-line
options it may have been loaded with.
-t (or --test)
Runs a configuration test, and displays the results. Note
that this does not test or display all configuration
options. This gives you an opportunity to verify that
major configuration options are correct before putting them
-d (or --disable)
Disables the firewall. It is important to know exactly
what this option does. All traffic is allowed in and out,
and in the case of a gateway, all NATed traffic is
forwarded (the option retains your connection sharing
options). Custom rules are not implemented, and
deny_hosts.conf is ignored.
-f (or --flush)
Disables the firewall COMPLETELY. All rules are flushed,
all chains are removed. Any port forwarding or internet
connection sharing will cease to work.
-h (or --help)
Displays brief usage information and exits.
-v (or --version)
Displays version information and exits.
--quiet
Runs ipkungfu with no standard output.
--panic
Drops ALL traffic in all directions on all network
interfaces. You should probably never use this option.
The --panic option is available for the highly unusual
situation where you know that an attack is underway but you
know of no other way to stop it.
--failsafe
If ipkungfu fails, --failsafe will cause all firewall
policies to revert to ACCEPT. This is useful when working
with ipkungfu remotely, to prevent loss of remote access
due to firewall failure.
Disables rules caching feature.
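The states described for -d, -f and --panic can be told apart from an iptables-save dump, which is useful for confirming what a host was actually left with. The following check is an added example, not part of ipkungfu or this manual page. The state names and classification rules are assumptions based only on the option descriptions above (open-nat matches -d on a gateway, open-empty matches -f, drop-all matches --panic), and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: classify an iptables-save dump read on stdin.
# State names and rules are assumptions drawn from the option descriptions.
classify_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }     # "*filter", "*nat", ...
        /^:/ {                                     # ":CHAIN POLICY [pkts:bytes]"
            if ($2 == "-") custom++                # user-defined chains have no policy
            else if (table == "filter") policy[substr($1, 2)] = $2
            next
        }
        /^-A / {
            rules[table]++
            if (table == "filter" && $0 ~ /-j ACCEPT( |$)/) accepts++
        }
        END {
            p = policy["INPUT"] " " policy["FORWARD"] " " policy["OUTPUT"]
            open = (rules["nat"] + 0 > 0) ? "open-nat" : "open-empty"
            if (p == "  ") print "unknown"         # no filter table in the dump
            else if (p == "DROP DROP DROP" && accepts + 0 == 0) print "drop-all"
            else if (p == "ACCEPT ACCEPT ACCEPT" && rules["filter"] + 0 == 0 && custom + 0 == 0) print open
            else print "filtering"
        }
    '
}

# Constructed sample: a gateway with everything allowed and NAT still in place.
SAMPLE_OPEN_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAMPLE_OPEN_NAT" | classify_ruleset
# On a live host (as root): iptables-save | classify_ruleset
```

A result of open-nat or open-empty on a machine that is supposed to be filtering means the firewall is off, whether through -d, -f or a --failsafe fallback.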
January 2003 ipkungfu(8)