Man Linux: Main Page and Category List

NAME

       ipkungfu - An iptables-based firewall for Linux

SYNOPSIS

       ipkungfu  [  -c ] [ -t ] [ -d ] [ -h ] [ -v ] [ --quiet ] [ --panic ] [
       --no-caching

DESCRIPTION

       ipkungfu is an iptables-based Linux firewall. The primary design  goals
       are  security,  ease  of  use, and performance, in that order. It takes
       advantage of advanced features of iptables, tcpwrappers, and the  Linux
       kernel.  It  also  simplifies  the configuration of internet connection
       sharing, advanced routing, and other networking needs.

OPTIONS

       -c  (or  --check)
                   Check whether ipkungfu is loaded, and  report  any  command
                   line options it may have been loaded with.

       -t  (or  --test)
                   Runs  a configuration test, and displays the results.  Note
                   that this  does  not  test  or  display  all  configuration
                   options.   This  gives  you  an  opportunity to verify that
                   major configuration options are correct before putting them
                   into action.

       -d  (or  --disable)
                   Disables  the  firewall.   It  is important to know exactly
                   what this option does.  All traffic is allowed in and  out,
                   and  in  the  case  of  a  gateway,  all  NATed  traffic is
                   forwarded  (the  option  retains  your  connection  sharing
                   options).    Custom   rules   are   not   implemented,  and
                   deny_hosts.conf is ignored.

       -f  (or  --flush)
                   Disables the firewall COMPLETELY.  All rules  are  flushed,
                   all  chains  are  removed.  Any port forwarding or internet
                   connection sharing will cease to work.

       -h  (or  --help)
                   Displays brief usage information and exits.

       -v  (or  --version)
                   Displays version information and exits.

       --quiet     Runs ipkungfu with no standard output

       --panic     Drops  ALL  traffic  in  all  directions  on  all   network
                   interfaces.   You  should  probably  never use this option.
                   The --panic option is  available  for  the  highly  unusual
                   situation where you know that an attack is underway but you
                   know of no other way to stop it.

       --failsafe  If ipkungfu  fails,  --failsafe  will  cause  all  firewall
                   policies  to revert to ACCEPT.  This is useful when working
                   with ipkungfu remotely, to prevent loss  of  remote  access
                   due to firewall failure.

       --no-caching
                   Disables rules caching feature.

FILES

       /etc/ipkungfu/ipkungfu.conf
       /etc/ipkungfu/advanced.conf
       /etc/ipkungfu/accept_hosts.conf
       /etc/ipkungfu/deny_hosts.conf
       /etc/ipkungfu/custom.conf
       /etc/ipkungfu/log.conf
       /etc/ipkungfu/redirect.conf
       /etc/ipkungfu/services.conf
       /usr/sbin/ipkungfu
       /usr/share/doc/ipkungfu/AUTHORS
       /usr/share/doc/ipkungfu/README
       /usr/share/doc/ipkungfu/FAQ
       /usr/share/doc/ipkungfu/ChangeLog
       /usr/share/doc/ipkungfu/COPYING

SEE ALSO

       iptables(8).

                                 January 2003                      ipkungfu(8)