NAME
fgadm - filtergen command program
SYNOPSIS
fgadm [ check | reload | save | stop ]
DESCRIPTION
fgadm is a simple command interface for managing filtergen(8) based
packet filters.
USAGE
fgadm can be used to stop existing filters (thus turning them off),
reload new packet filters, save currently running filters for
longevity, and to check filter scripts for errors before reloading.
The following commands are accepted by fgadm:
check Check the filter script /etc/filtergen/rules.filter for errors.
The generated filter will be printed on standard output, and
errors printed to standard error.
reload Replace the current live packet filter with the one in
/etc/filtergen/rules.filter. The script will be tested for
errors before reloading.
save The current live packet filter will be saved in a distribution-
friendly way. On Red Hat systems, this will save the iptables
or ipchains firewall that is currently loaded into the kernel to
load at boot with the iptables or ipchains initscript.
stop This command will flush the current live packet filter out and
put it in a default accept mode, thus no firewalling will be in
place. This is useful to abort firewalls in an emergency.
EXAMPLES
One may find the following sequence of commands useful for making
firewall changes on live servers:
# at now + 2 min
warning: commands will be executed using (in order) a) $SHELL b) login
shell c) /bin/sh
at> fgadm stop
at> ^D<EOT>
job 53 at 2004-06-07 17:25
# fgadm check
# fgadm reload
# atq
53
# atrm 53
# fgadm save
FILES
/etc/filtergen/rules.filter
Packet filter descriptions are read from this file when fgadm is used.
/etc/filtergen/fgadm.conf
This file alters the behaviour of filtergen as called from fgadm.
BUGS
fgadm save does not work on Debian systems with iptables due to a lack
of common sense in the iptables package.
SEE ALSO
filtergen(8), filter_syntax(5), filter_backends(5)
AUTHOR
fgadm was written by Jamie Wilkinson <jaq@spacepants.org> for the
filtergen package, to ease maintenance of filtergen-based firewalls.
June 7, 2004