Man Linux: Main Page and Category List

NAME

       filtergen - packet filter compiler

SYNOPSIS

       filtergen  [  -h  | --help ] [ -V | --version ] [ -c | --compile ] [ -t
       target | --target=target ] [ -o outfile | --output=outfile ] infile

       filtergen [ -h | --help ] [ -V | --version ] [ -c | --compile  ]  [  -t
       target  |  --target=target  ]  [  -o  outfile | --output=outfile ] [ -F
       policy | --flush=policy ]

DESCRIPTION

       filtergen compiles a high-level filtering description language  into  a
       variety of target formats.

USAGE

       filtergen  reads  the  ruleset from the infile specified on the command
       line (or standard input if infile  is  "-")  and  outputs  to  standard
       output (or outfile) via an optionally specified backend.

       Both short and GNU-style long option options are accepted:

       -c, --compile
              Only try to "compile" the input, and do not generate any output.
              This may be useful to check that an input  file  has  no  syntax
              errors  in  it  before  one attempts to use the result on a live
              server.

       -t target-filter, --target=target-filter
              If specified, target-filter will be used  to  select  an  output
              filter  type,  otherwise  the  default of iptables will be used.
              Supported backends are iptables, ipchains,  ipfilter  and  cisco
              (for Cisco IOS access-lists).

       -F policy, --flush=policy
              Flush mode.  Generate a set of rules for clearing all rules from
              the packet filter.  Useful for firewall  scripts  that  need  to
              ‘shutdown’  the  firewall.   You can supply a policy argument in
              place of the usual filename,  to  specify  whether  the  flushed
              filter  should  default to accept, reject, or drop.  It defaults
              to accept, equivalent to having no filter loaded at all.  It  is
              not necessary to specify an infile when using flush mode.

       -o outfile, --output=outfile
              Write output to outfile instead of standard output.

       -h, --help
              Show command help.

       -V, --version
              Show program version.

BUGS

       Not all backends implement all features.

       The packet filter is not optimised.

SEE ALSO

       fgadm(8), filter_syntax(5), filter_backends(7)

AUTHOR

       filtergen  was originally written by Matthew Kirkwood.  Jamie Wilkinson
       <jaq@spacepants.org> then rewrote a lot of the  internals,  added  some
       features, and took on maintenance of the project.

                                January 7, 2004