NAME

       knoptm - Daemon in charge of removing firewall rules.

DESCRIPTION

       knoptm is a daemon that removes rule entries from the iptables or ipfw
       policies to which fwknop has added access rules for legitimate fwknop
       PK/SPA clients.  This daemon runs in all authentication modes supported
       by fwknopd (both port knocking and SPA), and enforces the rule timeouts
       that are defined by the /etc/fwknop/access.conf file.

OPTIONS

       -c, --config <config-file>
              When run as a daemon, knoptm references the file
              /etc/fwknop/fwknop.conf for various run-time configuration
              variables.  The path to this file can be changed through the use
              of the --config command line option.

       -i, --interface
              Specify the interface that  fwknopd  sniffs  to  acquire  packet
              data.   This  is  used  for  running  interface  checks, such as
              checking whether the interface has been  deleted  and  recreated
              (e.g.  ppp  restart  for  a VPN connection).  The fwknopd daemon
              passes this argument on the knoptm command line.

       --Debug-to-file <file>
              Allow the user to collect output from the knoptm daemon by
              writing debug information to a specific file.

       --firewall-type <firewall>
              Manually specify the firewall type from the command line.

       -h, --help
              Display usage information and exit.

       -V, --Version
              Display version information and exit.

       --Lib-dir <directory>
              Path to the perl modules directory (not usually necessary).

       -l, --locale <locale>
              Provide a locale setting other than the default "C" locale.

       --no-locale
              Do  not  set the locale at all so that the default system locale
              will apply.

       --no-logs
              Do not generate any log output or  emails  (fwknop_test.pl  uses
              this).

       --no-voluntary-exits
              Disregard the ENABLE_VOLUNTARY_EXITS setting.  This way
              fwknopd/knoptm is not allowed to be restarted periodically
              according to EXIT_INTERVAL.

       -O, --Override-config <file>
              Override config variable values that are normally read from the
              /etc/fwknop/fwknop.conf file with values from the specified
              file.  Multiple override config files can be given as a
              comma-separated list.

DIAGNOSTICS

       knoptm can be run in debug mode with the --debug command  line  option.
       This  will disable daemon mode execution, and print verbose information
       to the screen on STDERR.

SEE ALSO

       fwknopd(8),

AUTHOR

       Michael Rash <mbr@cipherdyne.org>

DISTRIBUTION

       knoptm is distributed under the GNU General Public License  (GPL),  and
       the latest version may be downloaded from http://www.cipherdyne.org/